Law Firms at Risk of GootLoader and FakeUpdates Malware Attacks by Cybercriminals

Six Law Firms Targeted in GootLoader and SocGholish Malware Campaigns

Mar 01, 2023 – In January and February 2023, six different law firms were targeted in two separate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader is a first-stage downloader that is capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It employs search engine optimization (SEO) poisoning to funnel victims searching for business-related documents toward drive-by download sites that drop the JavaScript malware.

According to cybersecurity company eSentire, the threat actors compromised legitimate, but vulnerable, WordPress websites and added new blog posts without the owners’ knowledge. When victims navigated to the malicious web pages and clicked on the link to download the purported business agreement, they unknowingly downloaded GootLoader.
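A defender-side check for the search-to-download chain described above, added here as an example and not code from eSentire or the article: per client, it correlates a search-engine referral onto a site with a later JavaScript download from that same site, referred by one of its own pages and named like a business document. It assumes a whitespace-separated proxy log layout, a hypothetical search-engine host list and illustrative lure words, and runs over constructed sample lines.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hypothetical search-engine hosts and document-lure words; both lists are assumptions.
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "duckduckgo.com"}
LURE_WORDS = ("agreement", "contract", "template", "nda")

# Constructed proxy log lines (not from the article): time, client, referrer, URL, content-type.
SAMPLE_LOGS = [
    "2023-02-14T10:02:11Z 10.0.0.12 https://www.google.com/search?q=partnership+agreement https://example-lawblog.test/2023/02/partnership-agreement/ text/html",
    "2023-02-14T10:05:40Z 10.0.0.12 https://example-lawblog.test/2023/02/partnership-agreement/ https://example-lawblog.test/wp-content/uploads/partnership_agreement.js application/javascript",
    "2023-02-14T10:06:02Z 10.0.0.12 https://example-lawblog.test/2023/02/partnership-agreement/ https://example-lawblog.test/wp-includes/js/jquery.js application/javascript",
    "2023-02-14T10:07:03Z 10.0.0.15 https://www.bing.com/search?q=nda+template https://legit-site.test/nda-template.pdf application/pdf",
    "2023-02-14T10:09:30Z 10.0.0.20 - https://cdn.example.test/app.js application/javascript",
]

@dataclass
class Event:
    ts: datetime
    client: str
    referrer: str
    url: str
    ctype: str

def parse_line(line: str) -> Event:
    ts, client, ref, url, ctype = line.split()
    return Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), client, ref, url, ctype)

def detect_seo_poisoning_chain(lines, window=timedelta(minutes=15)):
    """Per client: a search-engine referral onto a site, followed within `window` by a
    JavaScript file fetched from that same site, referred by one of its own pages, whose
    filename carries a document-lure word. Returns (client, url) pairs to alert on."""
    landed = {}   # (client, site host) -> time the client arrived from a search engine
    alerts = []
    for ev in (parse_line(l) for l in lines):
        host = urlparse(ev.url).netloc
        ref_host = urlparse(ev.referrer).netloc if ev.referrer != "-" else ""
        if ref_host in SEARCH_ENGINES:
            landed[(ev.client, host)] = ev.ts
            continue
        path = urlparse(ev.url).path.lower()
        is_js = path.endswith(".js") or "javascript" in ev.ctype
        lure = any(word in path for word in LURE_WORDS)
        arrived = landed.get((ev.client, host))
        if is_js and lure and ref_host == host and arrived and ev.ts - arrived <= window:
            alerts.append((ev.client, ev.url))
    return alerts
```

The legitimate jQuery fetch from the same blog and the PDF reached from a search result are left alone; only the document-named JavaScript download after a search referral is flagged.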

The disclosure from eSentire is the latest in a wave of attacks that have utilized the Gootkit malware loader to breach targets. SocGholish, like GootLoader, is a downloader capable of dropping further executables. Its infection chain takes advantage of a website frequented by legal firms as a watering hole to distribute the malware. Notably, there has been no deployment of ransomware, suggesting that the attacks could have diversified in scope to include espionage operations.

“Prior to 2021, email was the primary infection vector used by opportunistic threat actors,” said Keegan Keplinger, eSentire researcher. “From 2021 to 2023, browser-based attacks […] have steadily been growing to compete with email as the primary infection vector. This has been largely thanks to GootLoader, SocGholish, SolarMarker, and recent campaigns leveraging Google Ads to float top search results.”

Law firms have been increasingly targeted by malicious actors utilizing malware such as GootLoader and SocGholish. It is important for businesses to remain vigilant and take steps to protect themselves from these threats.