Gootkit malware returns to life alongside REvil ransomware

After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany.

The Gootkit Trojan is Javascript-based malware that performs various malicious activities, including remote access for threat actors, keystroke capturing, video recording, email theft, password theft, and the ability to inject malicious scripts to steal online banking credentials.

Last year, the Gootkit threat actors suffered a data leak after leaving a MongoDB database exposed on the Internet. After this breach, it was believed that the Gootkit actors had shut down their operation until they suddenly came alive again earlier this month.

Read more…
Source: Bleeping Computer