
Gootloader Malware Strikes with an Innovative Attack

Mar 3, 2026 | cyber attacks, Gootloader, malware, Update Software

 

A familiar-looking download is being used in a clever new way to sneak malware onto people’s PCs, and most users would never notice it happening.

Gootloader, a long-running malware campaign, has changed its tactics, and that change makes it easier to trick regular PC users into falling victim to it. Typically, the infection happens when someone searches online for legal templates, contracts, or other general documents. Unfortunately, the end result is anything but legal.

Downloading a file which looks harmless but is actually dangerous is nothing new. But the way that this infected file is delivered is highly innovative. Rather than arriving as a single download, it comes broken into hundreds or even thousands of tiny pieces. To the average PC user, it just looks like any other compressed file being extracted. However, behind the scenes, it’s quietly rebuilding itself into something far more dangerous.

A Thousand Pieces, One Big Problem

In Gootloader’s new attack method, the hackers split a single malicious file into roughly 1,000 small ZIP file parts. On their own, these small fragments appear harmless and are unlikely to raise any alarms with basic security checks. But when the user extracts them, the fragments are rearranged and combined into a fully activated malware loader.

This technique is innovative because it lets the malware sneak undetected past defenses that normally scan downloads for known threats. A flaw with most security tools is that they’re simply not sophisticated enough to identify a malicious file if it’s been reassembled from multiple fragments. As a result, the reassembled file remains active and dangerous.
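One structural check a defender could run on a downloaded archive before anyone extracts it, given here as an added example that is not from the original article or from any vendor's tooling. It assumes the roughly 1,000 ZIP parts arrive joined end to end in a single downloaded file (the article does not spell this out) and counts end-of-central-directory records; the function names and the benign sample are constructed for the illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record: one per well-formed archive
EOCD_FMT = "<4s4H2LH"     # signature, disk/entry counts, CD size, CD offset, comment length
EOCD_LEN = struct.calcsize(EOCD_FMT)  # 22 bytes


def find_eocd_records(data):
    """Return offsets of plausible EOCD records found anywhere in the bytes."""
    offsets, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            *_, cd_size, cd_offset, comment_len = struct.unpack_from(EOCD_FMT, data, pos)
            # Plausibility checks reduce chance matches inside file contents: the
            # central directory must sit before this record and the comment must fit.
            if cd_size + cd_offset <= pos and pos + EOCD_LEN + comment_len <= len(data):
                offsets.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return offsets


def assess_download(data, max_archives=1):
    """Summarise ZIP structure and flag a file made of many joined archives."""
    eocd = find_eocd_records(data)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            listed = len(zf.namelist())  # what a reader of the final directory sees
    except zipfile.BadZipFile:
        listed = 0
    # Heuristic only: a ZIP stored uncompressed inside another ZIP also trips it.
    return {"archives": len(eocd), "listed_members": listed,
            "suspicious": len(eocd) > max_archives}


def constructed_sample(parts):
    """Constructed, benign test input: `parts` tiny archives joined end to end."""
    out = io.BytesIO()
    for i in range(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(f"part{i}.txt", f"harmless filler {i}\n")
        out.write(buf.getvalue())
    return out.getvalue()


if __name__ == "__main__":
    print(assess_download(constructed_sample(1)))
    print(assess_download(constructed_sample(1000)))
```

A gap between `archives` and `listed_members` shows why a scanner that only reads the final directory sees far less than the file actually contains.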

Gootloader is also clever in the way that it generates unique files – such as ZIP and JScript samples – to avoid being identified as a known, malicious file. Once its payload has executed, Gootloader also adds shortcut files to the Windows Startup folder, a move which ensures that it’s relaunched on every system boot.

With Gootloader active on a PC, it’s capable of downloading further malware such as ransomware and data harvesting tools. Accordingly, you risk having your data either encrypted or compromised by remote hackers.

How to Stop Gootloader in Its Tracks

While Gootloader is certainly innovative, it’s possible to stay one step ahead of the attackers. As ever, educating yourself on the latest threats is the best way forward. Luckily, Ophtek are here to consolidate that learning and offer you some helpful tips which can make a real difference:

  • Be cautious of downloads: unless you’re downloading from a known, trusted site, you should always be careful downloading files. If a file is something you’ve discovered through search results, it’s crucial that you verify how safe it is with an IT professional.

For more ways to secure and optimize your business technology, contact your local IT professionals.