GootKit Malware

Gootkit is the name of a strain of malware. Hereinafter, we’ll be using the name Gootkit to refer to both the malware and the criminal group behind it.

The malware was first spotted in the wild in 2014, and it’s been evolving ever since. In the beginning, Gootkit functioned as a banking trojan — all in rage at the time. It would infect victims and would only activate on banking sites, where it would record login details. Nowadays, Gootkit’s main functions are focused on stealing data from browsers. It can extract and exfiltrate data such as browsing history, passwords, and cookie files, and supports extracting this information from multiple browser types, from Chrome to Internet Explorer.

GootKit trojan is mostly written in JavaScript and can sometimes be identified by looking for a process running in Task Manager called “Standinstrument” (32-bit or 64-bit). It might also use another name. Trojan-type programs often use names that do not seem suspicious.

GootKit mainly targets users’ bank accounts – stealing personal/confidential (account information) information relating to banking might cause significant financial loss and other problems (such as downloading and installing other infections).

As mentioned above, this trojan is commonly distributed using another trojan-type program called Emotet, which, if installed, proliferates other infections (similar to GootKit),  collects sensitive information (also relating to banking) and might cause privacy issues and financial loss. If you suspect that your computer is infected by GootKit (Trojan.GootKit), Emotet, or other similar malicious programs, we strongly recommend that you scan your system with a reputable anti-virus/anti-spyware tool and eliminate detected threats immediately.

To protect systems from infection by malicious programs such as trojans or others, browse the web with care. Do not open attachments or links that are presented in emails received from suspicious, unknown or untrustworthy addresses.

For more Cyber Security Information contact us at

Leave a Comment

Your email address will not be published. Required fields are marked *

17 − 10 =