GootKit: Bobbing and Weaving to Avoid Prying Eyes
Discovered in the wild in the summer of 2014, GootKit
is believed to be a privately held cybercrime tool that is not sold to other
criminals in underground forums and is operated by a closed gang. Considering
its stealth, data theft and browser manipulation capabilities, GootKit is one
of the most advanced banking Trojans active nowadays. It is used in online
banking fraud attacks that target consumer and business bank accounts primarily
located in Europe.
In online banking fraud attacks witnessed
throughout 2016, GootKit’s masters leverage this malware’s capabilities to
infiltrate the endpoints of retail and business banking customers, steal their
personal authentication credentials and manipulate their online banking
sessions with social engineering. They eventually take over those accounts and
transfer cash to mule accounts they control.
Beyond its overall modus operandi, GootKit is a
malware project that implements stealth and persistence alongside real-time,
web-based activities like dynamic webinjections, which modify the banking
website as it is rendered in the infected machine's browser. Since it is operated by
one gang, GootKit is believed to have its own in-house developers focused on
evolving its stealth mechanisms, security evasion techniques and fraud
capabilities.
This blog post was published as part of my work
with IBM X-Force. Read the complete post here.