Gootloader’s new approach to post-exploitation

siteadmin November 6, 2023

IBM's cyber security branch, X-Force, has discovered a new malware variant, GootBot, which improves stealth during lateral movement and makes Gootloader campaigns harder to detect and block. GootBot is a lightweight, effective malware that allows attackers to spread rapidly through networks and deploy further payloads. It is downloaded as a payload after an initial Gootloader infection and works to avoid detection for an extended period of time, increasing the risk of successful post-exploitation stages linked to ransomware.