A new sample of the GootKit malware family evaded detection from Windows Defender by setting a path exclusion.

According to Bleeping Computer, malware researcher and reverse engineer Vitali Kremez analyzed a new sample of GootKit malware and found that it came with a way to bypass Windows Defender.

The bypass began when the malware sample ran some code to determine whether Windows Defender was running on the infected machine. If it was, GootKit executed a command to create a registry value as part of a User Account Control (UAC) bypass. It then progressed through a sequence of commands in which it whitelisted the malware executable path, thereby effectively shielding the sample from Windows Defender.

Bleeping Computer noted that this bypass would work even if Microsoft began detecting this particular GootKit sample in the future, noting that the malware’s path would still be hidden from Windows Defender in future attacks.

Malware Evasion Techniques Are Trending

The GootKit sample detected by Kremez isn’t the only threat to use evasion-based tactics in recent months. In July, Bleeping Computer reported on a sample of the TrickBot banking Trojan family that arrived with 12 new modules designed to disable Windows Defender and Microsoft Defender APT. About a month later, FortiGuard Labs observed a new Ursnif sample hiding its API functions and encrypting most data in its main module. Then, in early September, Cofense detected a phishing campaign that used SharePoint to evade email perimeter technologies in its effort to prey on banks.

How to Defend Against GootKit Malware

Security professionals can help defend their organizations against GootKit malware by using a unified endpoint management (UEM) solution to monitor all devices for suspicious activity and take any necessary precautions. Companies should also consider investing in artificial intelligence (AI)-based technology to defend against attacks that use evasion and other tactics to bypass traditional security solutions.

More from

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good?? In this exclusive Q&A, we spoke with…

3 min read

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read