GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts
Innocuous little Windows programs were carrying cheap malware for weeks, exposing customers of the India-based software vendor to data theft.
Attackers clear logs before exploitation and use "no caller ID" numbers to negotiate ransoms, complicating detection and forensics efforts.
The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor
Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware
"Unfurling Hemlock" has deployed malware on tens of thousands of systems worldwide by nesting multiple malicious files inside other malicious files.
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. [...]
Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade.
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest
Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware
Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. [...]