The GootLoader malware targets users who are looking into whether Bengal cats are legal in Australia. When victims search for such specific terms, for example legal documents, the malware is installed on their computers. A similar campaign built around searches for "california law break room requirements" was also found, according to Google's Mandiant Managed Defense team.

The threat actors behind the operation have switched from SEO poisoning to phony PDF converters promoted through malvertising campaigns, according to a security researcher who goes by the online alias GootLoader. The latest attack chain matches a campaign documented by Cybereason earlier this July. In a brief released last week, the researcher noted that as of early November 2024, the attack chains had changed their initial access tactics.

As the researcher pointed out in a previous version of this article, the change may now target ordinary users, including those wanting to convert PDFs to DOCX. New details about the GootLoader campaigns were added to the story after it was published. GootLoader has also previously been seen delivering other malware families for post-exploitation, including Cobalt Strike, IcedID, Kronos, REvil, and SystemBC.

The complete report is available at http://www.sophos.com/security/malware-delivery-as-a-service/goot-loader-campaign-v2.0/Goot loader-campaign v2-0.0-0-10-10. Released by Sophos on Tuesday, it is available in English, French, German, and Italian, and is offered both on the Google Play store and on the company's website.

Click the following link to download it: https://www.sophos.org/security-news/malicious-malware.