Hackers Deploy Gootloader Malware To Target Law Firms

Posted on August 10, 2023 at 5:26 PM

Hackers Deploy Gootloader Malware To Target Law Firms

Gootloader, a search engine optimization (SEO) water hole technique, has been detected launching hacking campaigns targeting search terms linked to the legal sector. This technique has been seen as a threat to people and law firms conducting online legal information searches.

Gootloader SEO water hole technique is a threat to law firms

SpiderLabs revealed this hacking exploit through a blog post published on August 10. The research firm said that the Gootloader malware was garnering interest because of being exploited on compromised WordPress sites to distribute malware. The malware also used SEO poisoning techniques to rank higher in search engines.

The researchers said that the Gootloader malware manipulates search engine results and lures users into accessing compromised websites. The malware manipulates people’s trust in search engine results to deploy malicious payloads that cause harm to victims.

The researchers at SpiderLabs also said that nearly 50% of the cases reported under the malware targeted law firms. The majority of the keywords used in these high-ranking websites are in English. However, the campaign also targets French, Germany, Portuguese, South Korea, and Spain.

A senior security research manager at Spider Labs, Karl Sigler, said that SpiderLabs has been tracking the Gootloader malware and had detected multiple campaigns that are using it, showing that the extent of the breach is massive.

Sigler also said that the malware appeared unique as it combined the SEO promotion of malicious websites to lure victims instead of conducting phishing campaigns. He also said that the hacking technique targets specific industries, resulting in high volumes of specific data sets.

“This technique balances the significant return of miscellaneous and random data from opportunistic attacks and the specific but low-quantity data from targeted attacks. Targeting a specific industry like the legal industry with this type of attack will likely result in a high volume of a specific data set,” the security researcher said.

SpiderLabs said that this hacking campaign usually begins with a search of supply agreement documents. This search will lead a web user to compromised WordPress web pages infected with the Gootloader malware.

SpiderLabs also said it had gathered multiple search queries leading to the infected websites. The most popular SEO keywords used on legal documents controlled by hackers are contracts, agreements, and forms.

Users lured with malicious download links

When web users visit compromised sites, the researchers said they would be directed to a fake forum page that has adopted social engineering tactics. The forum will entice the user to click a download link for the document they seek. The download link will redirect the user to another WordPress webpage that hackers control.

The visitor’s information will also be checked, and if the appropriate conditions are achieved, a ZIP file will be shown and made available for download. The name of this ZIP file is derived from the user’s search keyword. This ZIP file contains a malicious .JS file concerned within a JavaScript library.

Law firms are usually a target of hacking campaigns because of the sensitive data that they handle. They typically deal in sensitive information such as mergers and acquisitions, medical records, intellectual property, trusts and estates, tax information, medical data, and a wide range of other filings.

As such, the Gootloader malware may have been targeting law firms because of the rich nature of the information they harbor. The CEO of Conversant, John A. Smith, said that Gootloader had been used since late 2020 to deploy ransomware, infostealers, and remote access tools.

Law firms are also vulnerable to ransomware campaigns because most cannot afford to lose the stolen data. These firms usually build their reputation through client trust. As such, paying the ransom is usually the best alternative for those targeted by ransomware campaigns.

Smith also said this hacking campaign usually relies on end users downloading malicious files. In this case, training the end user is usually the best action to avoid these hacking campaigns.

Smith noted that end-user training was a layered defense strategy. If the cybersecurity team at these firms employed controls that blocked users from downloading these files, the appropriate file inspections were activated within the level of the controls. Despite the user’s actions, these files might not have been downloaded, making such firms safe from malicious exploits.

Summary
Hackers Deploy Gootloader Malware To Target Law Firms
Article Name
Hackers Deploy Gootloader Malware To Target Law Firms
Description
The Gootloader malware is being used to target law firms. The malware manipulates search engine results to manipulate web users. Web users are lured into downloading malicious files that compromise their devices.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 17, 2023
Hackers Are Hiding Malware Within Legitimate Services Such As Slack And Trello
Aug 16, 2023
Info-Stealing Malware Exposes More Than 100,000 Hacking Forums  
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading