A recent surge in attacks utilizing the Gootkit malware loader has targeted the Australian healthcare sector, according to cybersecurity firm Trend Micro.
The malware, also known as Gootloader, is known for using search engine optimization (SEO) poisoning tactics to gain initial access.
It typically works by compromising legitimate websites and seeding them with pages built around common search terms, so that users searching for those terms are steered to the attacker-controlled content.
Gootkit is capable of stealing data from browsers, performing adversary-in-the-browser attacks, keylogging, taking screenshots, and other malicious actions.
Trend Micro's researchers found that the campaign has expanded beyond its usual targeting of accounting and law firms and is now using keywords such as “hospital,” “health,” “medical,” and “enterprise agreement” paired with the names of various Australian cities.
Victims who follow a poisoned search result land on a compromised WordPress blog that tricks them into downloading a malware-laden ZIP file.
The attackers then use legitimate, signed software such as VLC Media Player, which is typically abused by placing a malicious DLL alongside the genuine executable (DLL sideloading), to establish persistence on the machine and carry out further malicious activity.
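The two observable steps in this chain, a script payload delivered in a ZIP and a legitimate VLC binary running from an unexpected place or loading an unsigned DLL, are both cheap to hunt for in endpoint telemetry. The following is an added example written for this article, not code from Trend Micro or the Gootkit authors. It assumes a simplified, Sysmon-like JSON event format (field names `event`, `image`, `command_line`, `loaded`, `signed`, `signature` are this example's own), that Gootloader's ZIP lures carry a `.js` file run by `wscript.exe` (a widely documented behaviour, but not stated on this page), and that a VLC DLL loaded by `vlc.exe` should normally carry a VideoLAN signature. The sample events are constructed.

```python
import json
import ntpath
import re

# Script hosts that would execute a .js dropped from the ZIP lure.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Matches ".js" or ".jse" as a whole extension (does not match ".json").
SCRIPT_EXT_RE = re.compile(r"\.jse?\b")
# Directories an ordinary user can write to; a loader executing from here is suspicious.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
# Where a legitimately installed VLC lives (assumption: default install paths).
VLC_INSTALL_DIRS = {
    "c:\\program files\\videolan\\vlc",
    "c:\\program files (x86)\\videolan\\vlc",
}
# DLLs a sideloaded vlc.exe would resolve from its own directory.
VLC_DLLS = {"libvlc.dll", "libvlccore.dll"}


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def check_process_create(ev: dict):
    """Return a rule name if a process-creation event looks like this chain."""
    image = _base(ev["image"])
    cmd = ev.get("command_line", "").lower()
    # wscript/cscript running a .js from a user-writable directory.
    if image in SCRIPT_HOSTS and SCRIPT_EXT_RE.search(cmd) and any(
        m in cmd for m in USER_WRITABLE_MARKERS
    ):
        return "js_loader_from_user_dir"
    # vlc.exe started from somewhere other than its install directory.
    if image == "vlc.exe" and _dir(ev["image"]) not in VLC_INSTALL_DIRS:
        return "vlc_outside_install_dir"
    return None


def check_image_load(ev: dict):
    """Return a rule name if vlc.exe loads one of its DLLs without a VideoLAN signature."""
    if _base(ev["image"]) != "vlc.exe" or _base(ev["loaded"]) not in VLC_DLLS:
        return None
    # Assumption: a genuine libvlc.dll is signed by VideoLAN; anything else is a sideload candidate.
    if not ev.get("signed", False) or ev.get("signature", "").lower() != "videolan":
        return "vlc_unsigned_dll_load"
    return None


def hunt(lines):
    """Run both checks over JSON event lines; return (rule, image) for each hit."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev["event"] == "process_create":
            rule = check_process_create(ev)
        elif ev["event"] == "image_load":
            rule = check_image_load(ev)
        else:
            rule = None
        if rule:
            hits.append((rule, ev["image"]))
    return hits


# Constructed sample telemetry (not real logs). The .js name mirrors the
# "<keyword> enterprise agreement <city>" search terms the article describes.
SAMPLE_EVENTS = [
    r'{"event": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\wscript.exe", "command_line": "\"C:\\Windows\\System32\\wscript.exe\" \"C:\\Users\\alice\\AppData\\Local\\Temp\\hospital enterprise agreement sydney 54876.js\""}',
    r'{"event": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe", "command_line": "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\""}',
    r'{"event": "process_create", "parent_image": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Users\\alice\\AppData\\Roaming\\Media\\vlc.exe", "command_line": "vlc.exe"}',
    r'{"event": "image_load", "image": "C:\\Users\\alice\\AppData\\Roaming\\Media\\vlc.exe", "loaded": "C:\\Users\\alice\\AppData\\Roaming\\Media\\libvlc.dll", "signed": false, "signature": ""}',
    r'{"event": "image_load", "image": "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe", "loaded": "C:\\Program Files\\VideoLAN\\VLC\\libvlc.dll", "signed": true, "signature": "VideoLAN"}',
    r'{"event": "process_create", "parent_image": "C:\\Windows\\System32\\svchost.exe", "image": "C:\\Windows\\System32\\wscript.exe", "command_line": "wscript.exe C:\\ProgramData\\IT\\inventory.vbs"}',
]

if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {image}")
```

Of the six constructed events, only three fire: the `.js` run from the user's Temp directory, the `vlc.exe` living under AppData, and that same binary loading an unsigned `libvlc.dll`. The legitimately installed VLC and the `.vbs` inventory script under ProgramData are left alone, which is the balance to aim for: the DLL-signature check catches the sideload even when attacker and legitimate binaries sit in the same directory, while the install-path check catches a relocated VLC before any DLL is loaded.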