LTS Secure Warning: Gootkit Trojan Spreading Periodically in Different Variants to Extend Its Capabilities

The Gootkit Trojan was created to steal confidential information from its victims, create a backdoor and download additional malicious files onto the victim's device. Gootkit was first discovered in 2010, and many new iterations of the Trojan have since been released to extend its capabilities.


Technical Details

The Trojan reaches users through malspam campaigns and is delivered to the device when a user visits malicious websites or is targeted by exploit kits such as RIG, Angler and Neutrino.

The Trojan consists of three main modules:

  • The Loader – sets up the persistent environment.
  • The Main Module – creates a proxy server.
  • The Web Injection Module – injects the Trojan into the user's device.


Impact

  • Degrades your system's performance and functionality.
  • Steals your credentials and confidential data and sends them to the remote attacker.
  • Sends a list of drives, processes, open windows and files from the victim's device.
  • Creates, modifies and deletes registry keys and files.
  • Connects to malicious domains to download and execute further malicious files on the infected machine.


Recommended Actions

  • Always update your anti-virus software to the latest release.
  • Avoid downloading and using freeware applications.
  • Always choose the Custom or Advanced installation method when installing freeware and shareware.
  • Never download suspicious attachments or click shady-looking links. Make an effort to educate your users on how to recognise spam mail.
  • Configure the email server to block messages containing file attachments such as .vbs, .bat, .exe, .pif and .scr files.
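The last recommendation, blocking executable attachment types at the mail server, is easy to get subtly wrong: a filter that compares extensions case-sensitively or stops at the first dot will let "Invoice.pdf.EXE" through. The following is an added example, not code from the original advisory or from LTS Secure, showing the check as a standalone Python filter over a raw RFC 5322 message. The blocked extension list is the one named above; the sample message, the addresses and the attachment names are constructed for the example.

```python
"""Reject inbound mail carrying executable attachments (.vbs, .bat, .exe, .pif, .scr).

Added example (not part of the original advisory). It can sit behind a
milter, a content-filter hook or a post-delivery scanner: feed it the raw
message bytes and quarantine the message if any attachment name is returned.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions named in the advisory's recommendation; extend to match local policy.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def is_blocked_filename(filename: str) -> bool:
    """Return True if the attachment name ends in a blocked extension.

    The comparison is case-insensitive ("INVOICE.EXE") and looks only at the
    final extension, so a double extension such as "report.pdf.exe" is still
    caught. Trailing dots and spaces, sometimes appended to disguise a name
    ("setup.scr."), are stripped before the check.
    """
    name = filename.rstrip(". ").strip()
    dot = name.rfind(".")
    if dot == -1:
        return False
    return name[dot:].lower() in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Parse a raw message and return the attachment names that violate policy.

    msg.walk() is used instead of iter_attachments() so that single-part
    messages whose only body is an attachment, and attachments nested inside
    multipart/related or forwarded message/rfc822 parts, are inspected too.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        if name and is_blocked_filename(name):
            hits.append(name)
    return hits


def build_sample_message() -> bytes:
    """Constructed sample: a phishing-style mail with a disguised executable."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please find the attached invoice.")
    # Constructed payloads; the content is irrelevant to the filename check.
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="Invoice_2018.pdf.EXE")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    hits = blocked_attachments(build_sample_message())
    if hits:
        print("QUARANTINE: blocked attachment(s):", ", ".join(hits))
    else:
        print("ACCEPT")
```

The filter only sees the names the MIME headers declare; it does not open archives, so an executable wrapped in a .zip passes this check and needs a separate archive scanner. Keep the extension list under review, since the set named in the advisory is a floor, not a complete list of executable types.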