Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.
April 2, 2025 By Elizabeth Montalbano
The attackers responsible for the Gootloader malware are up to both novel and familiar tricks, with a new threat campaign that hides the infostealing payload in Google Ads that target people looking for legal templates.
The malicious ads, discovered by a security researcher who calls himself Gootloader on the X platform and posts on a blog called "Gootloader Details," are delivered via the account of an advertiser, Med Media Group Ltd., which is based in the UK. Attackers have compromised the site and are using it for their own malicious purposes, according to a recent post from the researcher, who is exclusively devoted to hunting the Gootloader malware and chooses to remain anonymous in order to not raise suspicion.
