GootKit Banking Trojan Receives Massive Update

July 11, 2016

GootKit, one of the top ten most active banking trojans in the world, received a massive update in June, an upgrade that added core modifications to the way the malware operates, according to a report by IBM’s X-Force Research team.

GootKit is a lesser-known banking trojan that appeared in 2014, and unlike most of its competition, it has never had its source code leaked online, nor has it been rented via a Malware-as-a-Service operation.

The trojan is the work of a secretive criminal group that has kept a tight grip on when and whom the malware targets, focusing mainly on the clients of European banks.

While most malware generally targets a bank’s regular (retail) clients, GootKit has not shied away from going after high-end business customers in the hope of compromising bigger accounts to steal larger sums of money.

Its mode of operation includes regular Web injects that alter the way a banking portal looks in the user’s browser in order to collect banking credentials from its victims.
