The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via ...
Bleeping Computer

Gootloader now uses 1,000-part ZIP archives for stealthy delivery

The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. In doing so, the malware, which is an ...
Hosted on MSN

Gootloader malware back for the attack, serves up ransomware

Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.… Since October 27, security shop Huntress says it has spotted three Gootloader ...
TechRadar

WordPress users beware - GootLoader strikes again, using font hack to spread malware

Gootloader malware resurfaced in late October 2025 after a nine-month hiatus, used to stage ransomware attacks Delivered via malicious JavaScript hidden in custom web fonts, enabling stealthy remote ...
Bleeping Computer

Gootloader malware is back with new tricks after 7-month break

The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. Gootloader is a JavaScript ...
Dark Reading

Gootloader Malware Resurfaces in Google Ads for Legal Docs

The attackers responsible for the Gootloader malware are up to both novel and familiar tricks, with a new threat campaign that hides the infostealing payload in Google Ads that target people looking ...
Zawya

Attackers turn delivery method for Gootkit financial malware into multi-payload "Gootloader" platform, Sophos reports

Dubai, UAE: Sophos, a global leader in next-generation cybersecurity, has published new research, “Gootloader Expands Its Payload Delivery Options,” that details how the delivery method for the ...