GootLoader Is Back With New ZIP File Trickery

GootLoader, a notorious malware loader, has resurfaced with a new tactic involving ZIP file trickery to bypass security measures. This resurgence highlights an evolving threat landscape in which cybercriminals continuously adapt their methods to infiltrate systems. The new technique embeds malicious payloads within ZIP archives, exploiting both user trust and weaknesses in automated scanning. Organizations must strengthen their email and file scanning protocols to detect such delivery methods. Awareness and up-to-date defenses are crucial to mitigating the risks posed by GootLoader's latest campaign. This article delves into the mechanics of the new ZIP file trickery, its implications for cybersecurity, and recommended protective measures to safeguard digital assets against this persistent threat.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 06 Nov 2025 14:45:17 +0000


Cyber News related to GootLoader Is Back With New ZIP File Trickery

New Malware Uses Fileless Technique to Deploy Ransomware - The group behind the Windows Gootloader malware, known as UNC2565, has effectively modified the code to make it more intrusive and difficult to detect. Researchers at Mandiant noted UNC2565 started making significant adjustments to its operational ...
2 years ago Cybersecuritynews.com
Dissecting GootLoader With Node.js - This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. In our debugging endeavor for GootLoader files, we use a Windows host with Node.js JavaScript runtime and ...
1 year ago Unit42.paloaltonetworks.com
GootLoader Is Back With New ZIP File Trickery - GootLoader, a notorious malware loader, has resurfaced with a new tactic involving ZIP file trickery to bypass security measures. This resurgence highlights the evolving threat landscape where cybercriminals continuously adapt their methods to ...
6 days ago Cybersecuritynews.com
Exploring the Increasing Danger of GootLoader - GootLoader is a malicious software that was created from GootKit, a banking trojan that first appeared in 2014. It has since been updated and given a new name to reflect its new purpose in 2021. The same group is responsible for both versions of the ...
2 years ago Securityweek.com
GootBot Implant Heightens Risk of Post-Infection Ransomware - A "GootBot" implant, a variant of the notorious Gootloader malware, has been discovered by the IBM X-Force team. In an advisory published Monday, X-Force noted that Gootloader has typically been utilized as an initial access malware. The introduction ...
1 year ago Infosecurity-magazine.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com LockBit
GootLoader malware is back with new tricks after 7-month break - GootLoader malware has resurfaced after a seven-month hiatus, introducing new tactics to evade detection and compromise systems. This malware, known for its stealthy delivery and persistence, primarily targets Windows environments by leveraging ...
6 days ago Bleepingcomputer.com GootLoader operators
Gootkit Malware Continues to Evolve with New Components and Obfuscations - The threat actors associated with the Gootkit malware have made "Notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, ...
2 years ago Thehackernews.com
CVE-2025-46730 - MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to ...
6 months ago
Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files - Published on July 15, 2025, this path traversal vulnerability poses significant risks to system security, though exploitation requires direct user interaction. When users open maliciously crafted zip archives, the plugin fails to properly validate ...
3 months ago Cybersecuritynews.com CVE-2025-53906
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - ...
1 year ago Cnn.com
Employee giving and volunteerism drives positive business outcomes - Cisco was honored last year to win the top spot on People's 2023 List of Companies That Care, and a key factor was our employee culture of giving back. We've been on a multi-year journey to engage our employees for positive impact at scale. Not only ...
1 year ago Feedpress.me
FBI warnings are true—fake file converters do push malware - "The FBI Denver Field Office is warning that agents are increasingly seeing a scam involving free online document converter tools, and we want to encourage victims to report instances of this scam," reads the warning. This JavaScript file is ...
7 months ago Bleepingcomputer.com
CVE-2025-31672 - Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate ...
7 months ago
NoisyBear: Weaponizing ZIP Files for Stealthy Attacks - The article discusses the emerging threat of NoisyBear, a cyberattack technique that weaponizes ZIP files to evade detection and deliver malicious payloads. NoisyBear leverages the widespread use of ZIP archives to infiltrate systems stealthily, ...
2 months ago Cybersecuritynews.com NoisyBear
Gootloader Malware Attacking Users Via Google Search Ads Using Weaponized Documents - Security professionals recommend implementing immediate security measures including blocking web traffic to lawliner[.]com and skhm[.]org, filtering email communications from skhm[.]org, and conducting retrospective threat hunting for any historical ...
7 months ago Cybersecuritynews.com
Konfety Android Malware on Google Play Uses ZIP Manipulation to Imitate Legitimate Apps - Zimperium’s zLabs security research team has identified a new and highly sophisticated variant of the Konfety Android malware that employs advanced evasion techniques to bypass security analysis tools and conduct fraudulent advertising ...
3 months ago Cybersecuritynews.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
7 months ago Therecord.media
Malicious Software Gootkit Utilizes Innovative Strategies to Target Healthcare and Financial Companies - Cybereason, a cybersecurity firm, recently discovered that the Gootkit malware is targeting healthcare and finance organizations in the U.S., U.K., and Australia. This malware has been linked to a threat actor known as UNC2565 and was first seen in ...
2 years ago Thehackernews.com
CVE-2017-5219 - An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to ...
6 years ago
New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code - A newly discovered Zip Slip vulnerability has been identified, posing significant risks to software systems that handle archive files. This security flaw allows attackers to exploit directory traversal issues within zip archives, enabling them to ...
2 months ago Cybersecuritynews.com CVE-2024-12345
Year in Malware 2023: Recapping the major cybersecurity stories of the past year - Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade find ways to stay relevant. After Microsoft blocked macros ...
1 year ago Blog.talosintelligence.com CVE-2023-44487 Lazarus Group Rhysida
CVE-2024-24789 - The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation ...
1 year ago