A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads.
“The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft,” Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today.
“In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself.”
Dubbed “Gootloader,” the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S.
Over the years, the cybercrime tool has evolved to gain new information-stealing features, and last year the Gootkit loader was reported to have been repurposed in combination with REvil/Sodinokibi ransomware infections.
While campaigns using social engineering tricks…