THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
Malware Analysis, News and Indicators - Latest topics malware.news
The Cybereason Incident Response (IR) team investigated an incident that involved new deployment methods of GootLoader through heavily obfuscated JavaScript files. In addition to the new techniques used to load GootLoader, Cybereason also observed Cobalt Strike deployment, which leveraged DLL Hijacking, on top of a VLC MediaPlayer executable.
GootLoader generally relies on JavaScript for its infections. It also uses SEO poisoning techniques to place its infected pages higher in internet browser search results. It is likely the higher the search engines …