The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives.
"The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html