Gootkit - What it is, how it steals banking logins, and how to remove it safely

Gootkit (Waldek)

What it is

Gootkit is a banking trojan for Windows that targets sectors like finance, law, and healthcare. It steals logins, browser cookies, and payment data, and can pull in extra payloads to widen the breach. Technical details and IOCs - see our Gootkit explainer.

How it gets in

  • Search poisoning - booby-trapped downloads from fake SEO results

  • Phishing - invoice or court notice lures with harmful attachments

  • Bundled installers - repacked software and fake updates

What you may notice

  • Banking or portal logins ask for unusual extra steps

  • Odd browser redirects or new extensions you did not add

  • New scheduled tasks or services you did not create, or unexplained spikes in outbound traffic

Remove it now - quick steps

  1. Disconnect from the internet and avoid banking on the infected device.

  2. Run a full anti-malware scan, quarantine results, reboot, then scan again.

  3. From a clean device, change passwords and enable MFA for email, banking, and admin accounts.

  4. Check startup items, scheduled tasks, services, and extensions - remove unknowns.

  5. Call your bank to review transactions and set alerts.
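A read-only PowerShell triage helper for step 4, added here as an example (not part of the original page or any vendor tool): it lists the common Windows persistence locations named above (Run keys, scheduled tasks, services, startup folders) so you can review them for entries you do not recognise. It assumes an elevated PowerShell prompt on the suspect machine and removes nothing itself.

```powershell
# Added triage helper (not from the original page). Read-only: it only lists
# entries for review; removal is still a manual decision after you verify each one.
# Run from an elevated PowerShell prompt on the infected device.

# 1. Run / RunOnce keys for the machine and the current user
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Write-Host "== $key =="
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}

# 2. Scheduled tasks whose action launches from a user-writable location
#    (AppData, ProgramData, Temp, user profiles); legitimate tasks rarely do.
Write-Host "== Scheduled tasks running from user-writable paths =="
Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object { $_.Execute -match 'AppData|ProgramData|Temp|\\Users\\' }
} | Select-Object TaskName, TaskPath,
        @{ n = 'Execute';   e = { $_.Actions.Execute   -join '; ' } },
        @{ n = 'Arguments'; e = { $_.Actions.Arguments -join ' '  } } |
    Format-Table -AutoSize -Wrap

# 3. Services whose binary lives outside the Windows directory
Write-Host "== Services with binaries outside C:\Windows =="
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '^"?C:\\Windows' } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize -Wrap

# 4. Per-user and all-users Startup folders
Write-Host "== Startup folder contents =="
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
)
Get-ChildItem -Path $startupDirs -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime |
    Format-Table -AutoSize
```

Anything listed that you cannot tie to software you installed is a candidate for step 2's quarantine or for manual removal; check the file's publisher and creation time before deleting.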

Prevent it

  • Download software only from official sources - avoid repacks and cracks.

  • Keep Windows, browsers, and Office updated - block macros by default.

  • Use reputable EDR or anti-malware plus email and web filtering.

  • Train staff to verify money or account changes out of band.

  • Consider DNS filtering to block known malicious domains.
