• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

    Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451
  • 30W Slim Wall Charger White for $39

    30W Slim Wall Charger White for $39
  • Leather AirTag Case – Camo for $29

    Leather AirTag Case – Camo for $29
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle)
for $451
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Gootkit Malware Continues to Evolve with New Components and Obfuscations

Jan 29, 2023 by iHash Leave a Comment

Jan 29, 2023Ravie LakshmananCyber Threat / Malware

Gootkit Malware

The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains.

Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.”

Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine optimization (SEO) poisoning.

The purported documents take the form of ZIP archives that harbor the JavaScript malware, which, when launched, paves the way for additional payloads such as Cobalt Strike Beacon, FONELAUNCH, and SNOWCONE.

FONELAUNCH is a .NET-based loader designed to load an encoded payload into memory, and SNOWCONE is a downloader that’s tasked with retrieving next-stage payloads, typically IcedID, via HTTP.

Gootkit Malware

While the overarching goals of Gootkit have remained unchanged, the attack sequence in itself has received significant updates, wherein the JavaScript file within the ZIP archive is trojanized and contains another obfuscated JavaScript file that consequently proceeds to execute the malware.

Gootkit Malware

The new variant, which was spotted by the threat intelligence firm in November 2022, is being tracked as GOOTLOADER.POWERSHELL. It’s worth noting that the revamped infection chain was also documented by Trend Micro earlier this month, detailing Gootkit attacks targeting the Australian healthcare sector.

What’s more, the malware authors are said to have taken three different approaches to obscure Gootkit, including concealing the code within altered versions of legitimate JavaScript libraries such as jQuery, Chroma.js, and Underscore.js, in an attempt to escape detection.

It’s not just Gootkit, as three different flavors of FONELAUNCH – FONELAUNCH.FAX, FONELAUNCH.PHONE, and FONELAUNCH.DIALTONE – have been put to use by UNC2565 since May 2021 to execute DLLs, .NET binaries, and PE files, indicating that the malware arsenal is being continuously maintained and updated.

“These changes are illustrative of UNC2565’s active development and growth in capabilities,” Mandiant researchers Govand Sinjari and Andy Morales said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: Components, computer security, continues, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Evolve, Gootkit, hacker news, hacking news, how to hack, information security, Malware, network security, Obfuscations, ransomware malware, software vulnerability, the hacker news

Special Offers

  • Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

    Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451
  • 30W Slim Wall Charger White for $39

    30W Slim Wall Charger White for $39
  • Leather AirTag Case – Camo for $29

    Leather AirTag Case – Camo for $29
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle)
for $451
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

30W Slim Wall Charger White for $39

Mar 22, 2023 By iHash

Leading With Business Integrity at the Intersection of Legal and Technology

Leading With Business Integrity at the Intersection of Legal and Technology

Mar 21, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video Vulnerabilities web applications

Latest

Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

Expires March 21, 2123 23:59 PST Buy now and get 43% off KEY FEATURES The Apple MacBook Air MJVE2LLA (2015) 13.3″ is a powerful and lightweight laptop that is perfect for people who are always on the go. The 13.3″ HD display provides crisp and clear images, so you can enjoy your favorite movies, TV […]

Leather AirTag Case – Camo for $29

Expires March 20, 2123 19:21 PST Buy now and get 14% off KEY FEATURES It’s all about tracking, not exposing. VogDUO AirTag Leather Case provides the best protection from privacy and damages for your personal belongings. For your best interests, we recommend the users keep the AirTag from exposure. Thus, we use Premium Italian Leather […]

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

Smartphones, tablets, and even cars with Samsung Exynos microprocessors are at risk of remote hacking. Bug hunters at Google Project Zero say you just need the victim’s phone number. This is due to the presence of 18 vulnerabilities in the Exynos baseband radio processor, which is widely used in Google, Vivo, Samsung, and many other […]

30W Slim Wall Charger Black for $39

Expires March 20, 2123 19:26 PST Buy now and get 20% off Slim Wall Charger 3-port Model No.: SPC001 Charger Pro Frequent travelers love to move around with minimal effort, which is why it makes perfect sense to carry a USB charger that can power up multiple devices simultaneously. Even better yet, if this particular […]

Heard on the Street – 3/20/2023

Welcome to insideBIGDATA’s “Heard on the Street” round-up column! In this regular feature, we highlight thought-leadership commentaries from members of the big data ecosystem. Each edition covers the trends of the day with compelling perspectives that can provide important insights to give you a competitive advantage in the marketplace. We invite submissions with a focus […]

Evades Macro Security via OneNote Attachments

Mar 20, 2023Ravie LakshmananEndpoint Security / Email Security The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT