The Gootloader malware originated from the Gootkit banking trojan, which has been active against European targets since 2010. The operation lets third-party criminals deliver their own malware (especially ransomware) into a compromised network. The gang behind it has been particularly successful over the past several years.
Security researchers at eSentire have tracked recent Gootloader activities and are now explaining how it works and what’s needed to fight it. The Gootloader operation uses SEO poisoning techniques, luring potential victims to an “enormous array” of compromised WordPress blogs.