A New Strain Of GootLoader Malware Called GootBot Features Improved Evasion And Faster Spreading

The GootLoader malware has evolved with a new variant called GootBot, designed to enable lateral movement on compromised systems and avoid detection. IBM X-Force researchers noted that GootBot is introduced in the later stages of the attack chain to avoid the detections that come with using common tools like CobaltStrike or RDP for C2. This lightweight but potent malware facilitates rapid spread across the network and the deployment of additional payloads. GootLoader, known for its SEO poisoning tactics, is associated with the threat actor Hive0127 (aka UNC2565).
