Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks



Jan 11, 2023 | Ravie Lakshmanan | Healthcare / Cyber Threat

A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player.

Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords.

Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser (AitB) attacks, keylogging, taking screenshots, and other malicious actions.

Trend Micro's new findings reveal that the keywords "hospital," "health," "medical," and "enterprise agreement" have been paired with various Australian city names, marking the malware's expansion beyond its earlier targeting of accounting and law firms.

The attack begins by directing users who search for those keywords to a compromised WordPress blog that tricks them into downloading malware-laced ZIP files.

“Upon accessing the site, the user is presented with a screen that has been made to look like a legitimate forum,” Trend Micro researchers said. “Users are led to access the link so that the malicious ZIP file can be downloaded.”

What's more, the JavaScript code used to pull off this trickery is injected at random positions into a legitimate JavaScript file on the breached website, which makes it harder to spot during a casual review of the site's source.

The downloaded ZIP archive, for its part, also contains a JavaScript file that, upon execution, not only employs obfuscation to evade analysis, but is further used to establish persistence on the machine by means of a scheduled task.

The execution chain subsequently leads to a PowerShell script that’s designed to retrieve files from a remote server for post-exploitation activity, which commences only after a waiting period that ranges from a couple of hours to as long as two days.

“This latency, which clearly separates the initial infection stage from the second stage, is a distinctive feature of Gootkit loader’s operation,” the researchers said.

Once the wait time elapses, two additional payloads are dropped – msdtc.exe and libvlc.dll – the former of which is a legitimate VLC Media Player binary that’s used to load the Cobalt Strike DLL component, followed by downloading more tools to facilitate discovery.
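As an added defender's example (not code from the article or from Trend Micro), the Python rules below encode the chain described above: the Windows Script Host running a .js from a user-writable path, a scheduled task pointing at such a script, PowerShell spawned by the script host, and a renamed VLC binary (msdtc.exe) loading libvlc.dll outside System32. The event layout (Sysmon-style ids 1 and 7), field names and sample paths are assumptions and the events are constructed.

```python
import ntpath

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def base(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def classify(ev: dict) -> list:
    """Return the names of every rule the event matches; [] means nothing to escalate."""
    hits = []
    img, cmd = base(ev.get("image", "")), ev.get("cmd", "").lower()
    if ev["id"] == 1:  # assumed: process creation
        # Stage 1: the .js from the ZIP is run by the script host from a user path
        if img in SCRIPT_HOSTS and ".js" in cmd and any(p in cmd for p in USER_WRITABLE):
            hits.append("js_loader_execution")
        # Persistence: a scheduled task whose action is a .js script
        if img == "schtasks.exe" and "/create" in cmd and ".js" in cmd:
            hits.append("scheduled_task_persistence")
        # Stage 2: the delayed PowerShell retrieval stage is a child of the script host
        if img == "powershell.exe" and base(ev.get("parent", "")) in SCRIPT_HOSTS:
            hits.append("powershell_from_script_host")
    elif ev["id"] == 7:  # assumed: image (DLL) load
        # Sideload: msdtc.exe outside the system directories loading libvlc.dll
        if (img == "msdtc.exe" and not ev["image"].lower().startswith(SYSTEM_DIRS)
                and base(ev.get("loaded", "")) == "libvlc.dll"):
            hits.append("vlc_sideload")
    return hits


def triage(events: list) -> dict:
    """Map each matched rule name to the image path that triggered it."""
    return {rule: ev["image"] for ev in events for rule in classify(ev)}


SAMPLE_EVENTS = [  # constructed telemetry, not from a real incident
    {"id": 1, "image": r"C:\Windows\System32\wscript.exe", "parent": r"C:\Windows\explorer.exe",
     "cmd": r'wscript.exe "C:\Users\alice\Downloads\hospital enterprise agreement.js"'},
    {"id": 1, "image": r"C:\Windows\System32\schtasks.exe", "parent": r"C:\Windows\System32\wscript.exe",
     "cmd": r'schtasks /create /tn Updater /tr "wscript.exe C:\Users\alice\AppData\Roaming\u.js" /sc onlogon'},
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\wscript.exe", "cmd": "powershell.exe"},
    {"id": 7, "image": r"C:\Users\alice\AppData\Local\Temp\msdtc.exe",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\libvlc.dll"},
    {"id": 7, "image": r"C:\Windows\System32\msdtc.exe", "loaded": r"C:\Windows\System32\ntdll.dll"},  # real MSDTC
    {"id": 1, "image": r"C:\Program Files\VideoLAN\VLC\vlc.exe", "parent": r"C:\Windows\explorer.exe", "cmd": "vlc.exe"},
]

if __name__ == "__main__":
    for rule, image in triage(SAMPLE_EVENTS).items():
        print(f"{rule}: {image}")
```

The last two sample events (the genuine MSDTC service and a normally installed VLC) match no rule, which is the check that keeps the sideload rule from firing on every msdtc.exe or libvlc.dll on the estate.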

“The malicious actors behind [Gootkit] are actively implementing their campaign,” the researchers said. “The threats targeting specific job sectors, industries, and geographic areas are becoming more aggressive.”
