July 11, 2016
GootKit, one of the top ten most active banking trojans in the world, received a massive update in June, an upgrade that added core modifications to the way the malware operates, according to a report by IBM’s X-Force Research team.
GootKit is a lesser-known banking trojan that appeared in 2014. Unlike most of its competition, it has never had its source code leaked online, nor has it been rented out via a Malware-as-a-Service operation.
The trojan is the work of a secretive criminal group that has kept a tight grip on when and whom the malware targets, focusing mainly on the clients of European banks.
While most malware generally targets a bank’s regular (retail) clients, GootKit has not shied away from going after high-end business customers in the hope of compromising bigger accounts to steal larger sums of money.
Its mode of operation includes regular Web injects that alter the way a banking portal looks in the user’s browser in order to collect banking credentials from its victims.