Cybereason Warns Global Organizations About the Rise in GootLoader Infections

GootLoader malware is being used to inflict harm on organizations in the United States, United Kingdom and Australia. Cybereason's incident responders have been tracking the malware in a variety of different environments.

Cybereason, the XDR company, today issued a global threat alert advisory warning organizations about a rise in global GootLoader infections. Victim organizations have been located primarily in the United States, United Kingdom and Australia. Previously reported attacks using the malware have been linked to UNC2565.

During an investigation starting in December 2022, Cybereason's incident responders discovered SEO poisoning techniques being used to spread the GootLoader malware in victims' environments. With SEO poisoning, threat actors optimize fraudulent websites to appear higher in search engine results. In the past, victims have tended to click on links to websites that appear high in search engine results. In addition, malware operators have been abusing Google Ads to distribute their malicious payloads.

For more information on Cybereason’s GootLoader threat alert, visit:

About Cybereason
Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.


Media contact:
Bill Keeler
Senior Director, Global Public Relations
(929) 259-3261
