The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools
![]()
source https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html
source https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html