GootBot: A new post-exploitation implant for lateral movement

The creators of the Gootloader malware have developed a new tool named GootBot. Written in PowerShell, it is deployed on compromised networks to evade detection and spread rapidly. The Gootloader group initially focused on stealing online banking credentials but later pivoted to ransomware. Gootloader is now primarily used to deploy other malware tools, such as Cobalt Strike, that enable continuous access to compromised systems. GootBot is used to infiltrate other systems on the same network, making detection more difficult.