GootKit Malware Bypasses Windows Defender by Setting Path Exclusions



As Windows Defender matures and becomes tightly integrated into Windows 10, malware writers are creating techniques to evade its detection. Such is the case with the GootKit banking Trojan, which use a UAC bypass and WMIC commands to exclude the malware executable from being scanned by Windows Defender Antivirus.

GootKit is a banking Trojan that attempts to steal the online banking credentials of infected users through video capture and redirects to fake banking sites under the attacker’s control. An interesting aspect of this infection is that it is a Node JS application packaged into an executable.

Read more…