![[article image]](https://cacm.acm.org/system/assets/0004/3648/080922_redcanary_Gootkit.large.jpg?1660061201&1660061200)
Trend Micro researchers have found that the operators of the Gootkit access-as-a-service (AaaS) malware have gone beyond using freeware installers to conceal malicious files, to using legal documents to get unsuspecting users to download them.
The Gootkit loader uses SEO poisoning, which involves malicious search engine results, to trick users into accessing compromised websites hosting malicious ZIP files to access purported real-estate disclosure agreements.
Said Trend Micro's Buddy Tancio and Jed Valderama, "The combination of SEO poisoning and compromised legitimate websites can mask indicators of malicious activity that would usually keep users on their guard."
From The Hacker News
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
