In the campaign detailed by cybersecurity company eSentire, the threat actors are said to have compromised legitimate, but vulnerable, WordPress websites and added new blog posts without the owners' knowledge. "When the computer user navigates to one of these malicious web pages and hits the link to download the purported business agreement, they are unknowingly downloading GootLoader," eSentire researcher Keegan Keplinger said in January 2022.
These types of attacks are becoming more and more common, as cybercriminals target businesses and professionals who may be handling sensitive information. It's important to be aware of the dangers of clicking on links or downloading files from unknown sources, as this is often how these malicious programs are spread. If you think you may have been a victim of such an attack, it's important to seek professional help to remove the malware and secure your system to prevent further damage.