Skip to main content

GootKit Targets Banks With Redirection Attacks

GootKit is a banking trojan and it has recently been tested against high profile targets in the UK financial sector. It now uses redirection attacks to collect credentials and phishing in order to direct users towards malicious websites.
Threat ID:
CC-1421
Category:
Spyware, Trojan
Threat Severity:
Low
Threat Vector:
Published:
18 May 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

GootKit is a banking trojan and it has recently been tested against high profile targets in the UK financial sector. It now uses redirection attacks to collect credentials and phishing in order to direct users towards malicious websites.

Threat details

Once GootKit is installed, it will monitor which bank the user uses. The user will be redirected to a malicious website before they reach the official website of the bank. The attacker will use the details that the user has entered on the malicious website to then access the bank account.

The majority of banks now offer the option to use two-factor authentication to make attacks like this more difficult for threat actors.

Remediation steps

Type Step
  • Ensure users always have two-factor authentication set-up.
  • Ensure system vulnerabilities are patched.
  • Monitor network and proxy logs for suspicious activity.
  • Make sure that malware definitions are kept up-to-date.
  • Make sure that cyber awareness training is kept up-to-date.

Last edited: 17 February 2020 11:32 am