GOOTLOADER Malware and Its Infection Chain

siteadmin June 23, 2023

The threat actor GOOTLOADER is using business-themed files that users download, such as tax, legal and workplace agreements, to deploy malicious software. After downloading the file, the user unknowingly executes a JavaScript (JS) file containing the malware. This gives the attackers persistent access to the network, which they use to explore the system and multiple accounts and to exfiltrate sensitive data. Kroll suggests that this activity is a targeted espionage campaign. Identifying certain patterns can increase the chances of detection.