Sophos researchers have published a report revealing that the Gootkit malware family, a trojan mostly focused on the theft of banking credentials, has been upgraded to “Gootloader,” which features increased malware delivery capabilities, according to The Hacker News. Researchers Gabor Szappanos and Andrew Brandt said Gootloader harnesses sophisticated infiltration techniques, such as manipulating search engine optimization methods to make legitimate businesses appear in the top results of search queries, and then hosting malicious ZIP archive files on their websites. Users who click on the search result are taken to a fake page with a link to a ZIP file, which injects the malware into the victim’s system and triggers the next stages of the attack, including a .NET loader and the final, encrypted payload. “The developers behind Gootkit appear to have shifted resources and energy from delivering just their own financial malware to creating a stealthy, complex delivery platform for all kinds of payloads, including REvil ransomware,” Szappanos said.