Threat Spotlight: Gootkit Banking Trojan

Gootkit is a sophisticated banking Trojan which can perform various malicious activities such as: web injection, taking screenshots, video recording, email parsing, and so on. Gootkit emerged during the summer of 2014 but is still active, making it a viable threat to financial institutions to this day.

BlackBerry most recently observed a Gootkit campaign via AZORult infostealer malware in February, March, and April of 2019. Our monitoring revealed the threat actor changed Gootkit hosting domain names constantly and created Gootkit variants almost daily. Its core module contains several JavaScript files and the node.js runtime environment, so as a result, its file size tends to be large. In fact, our analyzed sample was over 6 MB.

Read more…
Source: BlackBerry Cylance