Sophos researchers have named the platform Gootloader. It is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. The attack proceeds covertly, using a wide range of complicated evasion techniques, multiple layers of obfuscation, and fileless malware that is injected into memory or registry where conventional security scans cannot reach it. The best overall protection is a comprehensive security solution that can scan for suspicious activity in memory. Windows users can also turn off the ‘Hide Extensions for Known File Types’ setting in the Windows file explorer as this will allow them to see that the.zip download.
Source: https://www.helpnetsecurity.com/2021/03/02/gootloader-malware-ransomware/