
Gootloader
@Gootloader
Security researcher dedicated to pissing off the Gootloader Threat Actor. Tox Chat: 5E7FB4CA0D59F48504AEC72907D64D71D22A00C023E584276F91DB26C924ED64C6D7F19348D2
Everywhere and nowhere
Joined April 2023
Created a new blog post to track the recent changes to #Gootloader in the last 5ish months. Check it out!
gootloader.wordpress.com
A lot of little things have changed with the Gootloader malware since my last blog, so I feel it is time to document them publicly. Oct 4th 2023, new-game[.]me is registered. Nov 14 2023, My 1st Y…
Forgot to give a shout to @TheDFIRReport for this sick mug at @defcon. Thanks, it will be filled with coffee as I pore through obfuscated JavaScript.
Who will be at @defcon #hackersummercamp? Just ordered some stickers. Will be looking to trade and cover up my new naked laptop.
Pretty neat. If #Gootloader pops up again, I will definitely check this out (but really hoping they retired/quit/arrested).
🛡️ Business security requires dealing with different types of threats, from mobile #malware to Python-based stealers. Let us show you exactly how you can do it 👨‍💻. Check out analysis of several hard-to-catch threats, including #GootLoader ⬇️.
RT @syedaquib77: 🚨 Threat Alert: Gootloader Malware Spreads via Google Ads. 📅 Date: 2025-04-02. 📌 Attribution: MED MEDIA GROUP LIMITED…
RT @DarkReading: Gootloader Malware Resurfaces in Google Ads for Legal Docs: by Elizabeth Montalbano.
darkreading.com
Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.
Thanks @Cloudflare for flagging the main domain!
⚠️ New TTPs detected for #Gootloader ⚠️. Out are the PDF conversions and back in are legal document lures. They are still using #malvertising, not SEO poisoning. 📝 Full analysis:
Thanks to @Vultr for taking down one of the servers that are in the report! Lightning fast response!
⚠️ New TTPs detected for #Gootloader ⚠️. Out are the PDF conversions and back in are legal document lures. They are still using #malvertising, not SEO poisoning. 📝 Full analysis:
Domains are registered by @Namecheap (reported via email). And the main domain is protected by @Cloudflare (reported via their online submission form).
⚠️ New TTPs detected for #Gootloader ⚠️. Out are the PDF conversions and back in are legal document lures. They are still using #malvertising, not SEO poisoning. 📝 Full analysis:
gootloader.wordpress.com
Update (31 Mar 2025 @ 822 PDT) Thanks to Vultr for taking down skhm[.]org! Update (31 Mar 2025 @1016 PDT) Thanks to CloudFlare for flagging lawliner[.]com! The threat actor behind the Gootloader malw…
Thanks @BleepinComputer for the mention. It does seem like the sites I previously reported on are dead. Still trying to see where #gootloader is hiding.
FBI warnings are true—fake file converters do push malware - @LawrenceAbrams.
RT @SophosXOps: Gabor Szappanos has done significant research in the past into a #malware family called #Gootloader that (for years, now) u…
Great write up on #gootloader, but y'all missed their recent TTP change. They are no longer targeting via SEO poisoning, but instead malvertising for online PDF converters (see my recent blog post).
👾 #GootLoader is an initial-access-as-a-service #malware operating since late 2020. It is distributed via hijacked WordPress websites in SEO poisoning attacks. Learn more and collect #IOCs & samples. 🔗
Thanks to @smica83 for finding a fresh #Gootloader sample. Because of it, I was able to write a new #YARA rule to detect it. They are still using the same #jQuery library, but removed characters I was previously matching on.
github.com
Contribute to GootloaderSites/Tools development by creating an account on GitHub.