An innovative method that the operators of the REvil ransomware strain and the Gootkit banking Trojan have been using for years to distribute their malware is now being used to deliver other malware as well, including the Kronos Trojan and the Cobalt Strike attack kit.
Researchers from Sophos who have been tracking the threat have dubbed the delivery mechanism Gootloader. In a new report, they described the method as deserving close scrutiny for the manner in which it leverages malicious search engine optimization (SEO) techniques as part of the malware deployment process.