Name of Malware: Gootkit (Waldek, talalpek and XswKit.)

Type of Malware: Trojan, dropper, backdoor

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: medium

What is Gootkit?

Gootkit is a trojan that steals confidential information and allows criminals to take control of infected systems remotely. Gootkit can also be used to install additional malware, such as Emotet.

How did I get infected with Gootkit?

Systems can be infected with Gootkit when a user opens a malicious e-mail attachment. The malware is hidden in a file that appears harmless. The text of the e-mail convinces the recipient to open the attachment.

What do I have to do now?

To eliminate Gootkit, we recommend scanning the infected system with an anti-virus program. Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.