Cybereason, the XDR company, today issued a global threat alert advisory warning organizations about a rise in global GootLoader infections. Victim organizations have been located primarily in the United States, United Kingdom and Australia. Previously reported attacks using the malware have been linked to UNC2565.
During an investigation starting in December 2022, Cybereason’s incident responders discovered SEO Poisoning techniques being used to spread the GootLoader malware in victims’ environments. Using SEO Poisoning, threat actors optimize fraudulent websites to appear higher in search engine results. In the past, victims have tended to click on links to websites that appear high in search engine results. In addition, malware operators have been abusing Google Ads to distribute their malicious payloads.
For more information on Cybereason’s GootLoader threat alert, visit: https://www.cybereason.com/blog/threat-alert-gootloader-seo-poisoning-and-large-payloads-leading-to-compromise
Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.