{"id":53176,"date":"2023-08-11T12:49:03","date_gmt":"2023-08-11T12:49:03","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34895\/Gootloader-SEO-Watering-Hole-Malware-Targets-Law-Firms.html"},"modified":"2023-08-11T12:49:03","modified_gmt":"2023-08-11T12:49:03","slug":"gootloader-seo-watering-hole-malware-targets-law-firms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/","title":{"rendered":"Gootloader SEO Watering Hole Malware Targets Law Firms"},"content":{"rendered":"<p>A search engine optimization (SEO) water hole technique called Gootloader has been observed targeting legal-related search terms and has been identified as a threat to <a href=\"https:\/\/www.scmagazine.com\/analysis\/law-firm-pays-200000-over-poor-data-security-that-led-to-microsoft-exchange-attack\" target=\"_blank\" rel=\"noreferrer noopener\">law firms<\/a> and people doing searches for legal information online.<\/p>\n<p>In a <a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/gootloader-why-your-legal-document-search-may-end-in-misery\/\" target=\"_blank\" rel=\"noreferrer noopener\">blog post Aug. 10,<\/a> Trustwave\u2019s SpiderLabs said the Gootloader malware has gained notoriety because of its exploitation of compromised <a href=\"https:\/\/www.scmagazine.com\/brief\/wordpress-plugin-vulnerability-puts-user-accounts-at-risk\" target=\"_blank\" rel=\"noreferrer noopener\">WordPress<\/a> sites for malware distribution and its use of SEO poisoning techniques to achieve high rankings in web search results. By manipulating search engine results and luring unsuspecting users to compromised websites, the researchers said Gootloader takes advantage of a user\u2019s trust in search results to deliver malicious payloads.<\/p>\n<p>The SpiderLabs researchers reported that close to 50% of these cases target law firms (see chart below). And while the majority of the keywords are in English, the Gootloader campaign also targets the French, Spanish, Portuguese, German, and South Korean languages.<\/p>\n<figure><img alt=\"Gootloader malware investigations by industry (via SpiderLabs)\" srcset=\"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=750&amp;q=75 1x, https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75 2x\" src=\"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75\" width=\"697\" height=\"418\" decoding=\"async\" data-nimg=\"1\" class=\"MediaItem_img__WJ8V4\" loading=\"lazy\"><figcaption>Gootloader malware investigations by industry (via SpiderLabs)<br \/><\/figcaption><\/figure>\n<p>\u201cTrustwave SpiderLabs has been tracking Gootloader for quite some time and has seen a variety of campaigns utilizing the first-stage loader malware,\u201d said Karl Sigler, senior security research manager for Trustwave Spider Labs.<\/p>\n<p>Sigler said the malware is somewhat unique since it combines SEO promotion of malicious websites offering industry-specific assets, such as contract templates, to lure victims instead of the more common phishing techniques.<\/p>\n<p>\u201cThis technique balances the significant return of miscellaneous and random data from opportunistic attacks and the specific, but low-quantity data from targeted attacks,&#8221; he continued. &#8220;Targeting a specific industry like the legal industry with this type of attack will likely result in a high volume of a specific data set.\u201d<\/p>\n<p>According to SpiderLabs, the attack typically starts with a seemingly harmless search for supply agreement documents that lead to the compromised WordPress webpages controlled by Gootloader actors. SpiderLabs collected several search queries that lead to the compromised websites and identified the keywords used by this malware group, revealing a predominant SEO keyword focus on legal documents, such as \u201cagreements,\u201d \u201ccontracts,\u201d and&nbsp; \u201cforms.\u201d<\/p>\n<p>When visiting a poisoned link from the search engine result, the researchers said the user would get directed to a page that mimics a forum. This fake forum page employs social engineering tactics to entice the user to click on a direct download link for the desired document file. When the user clicks on the download link within the fake forum, they are redirected to another WordPress webpage, typically identified by the PHP path &#8220;download.php,&#8221; which is also controlled by the attacker. The visitor\u2019s information is similarly checked, and when the conditions are satisfied, a ZIP file gets provided for download. The filename of the ZIP file is derived from the user\u2019s search keyword.<\/p>\n<p>Here&#8217;s the catch: The ZIP file does not contain the intended file that the user was expecting. Instead, it conceals a malicious .JS file, cleverly hidden within a legitimate JavaScript library, explain the SpiderLabs researchers.<\/p>\n<p>Law firms store highly sensitive information that spans mergers and acquisitions, intellectual property, medical records, trust and estates, tax data, and a range of legal filings, making them a prime target of threat actors, said John A. Smith chief executive officer at Conversant. Smith said the Gootloader malware gets targeted specifically at law firms likely because of the attractiveness of their data assets.<\/p>\n<p>\u201cIt has been used since late 2020 to deploy ransomware, as well as infostealers and remote access tools,\u201d said Smith. \u201cRansomware is always a top threat for law firms, because firms cannot afford to lose their data or see it published \u2014 they rely on both client trust and their reputations for continued business, so paying the ransom is often the best or only path to resolution.<\/p>\n<p>Smith said because this attack relies on end users downloading a malicious file, it may seem that training the end user is the best course to avoid these incidents.<\/p>\n<p>&#8220;However, end-user training is one part of a layered defense strategy, and if IT had employed the proper controls that blocked users from being able to download such files, and the proper file inspections had been activated at the controls level, the file would not have been downloaded regardless of the actions of the user,&#8221; Smith added.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34895\/Gootloader-SEO-Watering-Hole-Malware-Targets-Law-Firms.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9447],"class_list":["post-53176","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackerprivacymalwaredata-loss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Gootloader SEO Watering Hole Malware Targets Law Firms 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Gootloader SEO Watering Hole Malware Targets Law Firms 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-11T12:49:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Gootloader SEO Watering Hole Malware Targets Law Firms\",\"datePublished\":\"2023-08-11T12:49:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/\"},\"wordCount\":709,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.scmagazine.com\\\/_next\\\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75\",\"keywords\":[\"headline,hacker,privacy,malware,data loss\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/\",\"name\":\"Gootloader SEO Watering Hole Malware Targets Law Firms 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.scmagazine.com\\\/_next\\\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75\",\"datePublished\":\"2023-08-11T12:49:03+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.scmagazine.com\\\/_next\\\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75\",\"contentUrl\":\"https:\\\/\\\/www.scmagazine.com\\\/_next\\\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gootloader-seo-watering-hole-malware-targets-law-firms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,privacy,malware,data loss\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerprivacymalwaredata-loss\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Gootloader SEO Watering Hole Malware Targets Law Firms\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Gootloader SEO Watering Hole Malware Targets Law Firms 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/","og_locale":"en_US","og_type":"article","og_title":"Gootloader SEO Watering Hole Malware Targets Law Firms 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-11T12:49:03+00:00","og_image":[{"url":"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Gootloader SEO Watering Hole Malware Targets Law Firms","datePublished":"2023-08-11T12:49:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/"},"wordCount":709,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75","keywords":["headline,hacker,privacy,malware,data loss"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/","url":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/","name":"Gootloader SEO Watering Hole Malware Targets Law Firms 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75","datePublished":"2023-08-11T12:49:03+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#primaryimage","url":"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75","contentUrl":"https:\/\/www.scmagazine.com\/_next\/image?url=https%3A%2F%2Ffiles.scmagazine.com%2Fwp-content%2Fuploads%2F2023%2F08%2FTrustwaveGootloader.jpeg&amp;w=1920&amp;q=75"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/gootloader-seo-watering-hole-malware-targets-law-firms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,privacy,malware,data loss","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerprivacymalwaredata-loss\/"},{"@type":"ListItem","position":3,"name":"Gootloader SEO Watering Hole Malware Targets Law Firms"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53176"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53176\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}