Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

Infections delivered through malicious Google ads have become increasingly common in recent months, indicating that this tactic is gaining traction among threat actors. Installing an ad blocker in web browsers is recommended, as it can prevent these malicious ads from being served and so keep an unsuspecting user from landing on the malicious website instead of the legitimate one. Where malware masquerading as a legitimate download, such as Gootkit, does reach a user, proper endpoint security controls should be in place on all devices within the organization so that the malware is blocked before it can infect the system.

Where prevention fails, detection can alert the organization to a possible infection. The Gootkit infection and the network compromise that follows it exhibit behavior that is abnormal on a typical system: wscript.exe creating a scheduled task, wscript.exe launching powershell.exe, powershell.exe communicating with unknown remote IP addresses, and PsExec being used to access a remote system. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs.
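The four behaviors listed above can be turned into simple detection logic over endpoint telemetry. The following is an added example written for this summary, not code from the article or from Binary Defense. It assumes Sysmon-style records (event ID 1 for process creation, event ID 3 for network connections) with the field names used in the Event class, models scheduled-task creation as schtasks.exe spawned by wscript.exe, treats PsExec use as either the client binary or the PSEXESVC service binary starting, and runs over a constructed set of events that includes a benign administrator PowerShell session to show what is not flagged.

```python
"""Added detection example (not from the original article): flags the
abnormal Gootkit-style behaviors described above over constructed
Sysmon-like events. Field names follow Sysmon event ID 1 (process create)
and ID 3 (network connect); the event data itself is made up."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from pathlib import PureWindowsPath

# RFC 1918 ranges plus loopback; anything else is treated as "unknown remote".
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Event:
    event_id: int        # 1 = process create, 3 = network connection
    host: str
    image: str           # full path of the process the event is about
    parent_image: str = ""
    dest_ip: str = ""    # only populated for event_id 3


def basename(path: str) -> str:
    """Case-insensitive executable name from a Windows path."""
    return PureWindowsPath(path).name.lower()


def is_internal_ip(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect(events):
    """Return (rule, host) findings for each suspicious event.

    Assumed simplifications: task creation is modelled as schtasks.exe
    spawned by wscript.exe (a script that registers a task through the
    Schedule.Service COM object would need Security event 4698 instead),
    and PsExec use is modelled by the client binary on the source host
    and the PSEXESVC service binary on the target host."""
    findings = []
    for ev in events:
        image, parent = basename(ev.image), basename(ev.parent_image)
        if ev.event_id == 1:
            if parent == "wscript.exe" and image == "schtasks.exe":
                findings.append(("wscript_creates_scheduled_task", ev.host))
            elif parent == "wscript.exe" and image == "powershell.exe":
                findings.append(("wscript_spawns_powershell", ev.host))
            if image in ("psexec.exe", "psexesvc.exe"):
                findings.append(("psexec_activity", ev.host))
        elif ev.event_id == 3:
            if image == "powershell.exe" and not is_internal_ip(ev.dest_ip):
                findings.append(("powershell_external_connection", ev.host))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample telemetry: a Gootkit-style chain on ws01, the PsExec
# service appearing on srv01, and a benign admin PowerShell session on ws02.
SAMPLE_EVENTS = [
    Event(1, "ws01", r"C:\Windows\System32\wscript.exe", r"C:\Windows\explorer.exe"),
    Event(1, "ws01", r"C:\Windows\System32\schtasks.exe", r"C:\Windows\System32\wscript.exe"),
    Event(1, "ws01", PS, r"C:\Windows\System32\wscript.exe"),
    Event(3, "ws01", PS, dest_ip="203.0.113.10"),   # documentation range, constructed
    Event(1, "ws01", r"C:\Tools\PsExec.exe", PS),
    Event(1, "srv01", r"C:\Windows\PSEXESVC.exe", r"C:\Windows\System32\services.exe"),
    # Benign: an administrator runs PowerShell from a console and reaches an internal host.
    Event(1, "ws02", PS, r"C:\Windows\System32\cmd.exe"),
    Event(3, "ws02", PS, dest_ip="10.0.0.5"),
]

if __name__ == "__main__":
    for rule, host in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

Running the block prints four findings for ws01 and one for srv01, while the ws02 session produces none because powershell.exe was launched from a console, not a script host, and only reached an internal address. In a real deployment the same rules would be expressed in the SIEM or EDR query language and the internal-network list would come from the organization's own address plan.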

https://thehackernews.com/2023/02/gootkit-malware-adopts-new-tactics-to.html

https://www.cybereason.com/blog/threat-alert-gootloader-seo-poisoning-and-large-payloads-leading-to-compromise