GootKit is a banking Trojan that attempts to steal the online banking credentials of infected users through video capture and redirects to fake banking sites under the attacker’s control. The Trojan uses a UAC bypass and WMIC commands to exclude the malware path from being scanned by Windows Defender Antivirus. GootKit is not the only Trojan stepping up its game to evade Microsoft’s greatly improved anti-virus product. In July, we reported that TrickBot had started executing PowerShell commands to disable Windows Defender’s functionality and to evade detection.
Source: https://www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-windows-defender-by-setting-path-exclusions/
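
Because the evasion described above works by adding a path exclusion, the resulting configuration can be audited on the host. The following PowerShell is an added example, not taken from the article: it lists the Windows Defender path exclusions, flags those in user-writable locations, and shows recent Defender configuration-change events (event ID 5007) that touch the exclusion list. The pattern list of "risky" locations and the 200-event window are assumptions to tune for your environment.

```powershell
# Added example: audit Windows Defender path exclusions. Run from an elevated prompt.
# ASSUMPTION: these user-writable location patterns (regex) are illustrative, not exhaustive.
$riskyPatterns = @('\\AppData\\', '\\Temp\\', '\\Users\\Public\\', '\\ProgramData\\', '\\Downloads\\')

function Test-RiskyExclusion {
    param([string]$Path)
    # Expand variables such as %TEMP% so they compare against the patterns.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    # Excluding an entire drive removes scanning for everything on it.
    if ($expanded -match '^[A-Za-z]:\\?$') { return $true }
    foreach ($pattern in $riskyPatterns) {
        # Trailing backslash lets a path that ends in "\Temp" match "\Temp\".
        if ("$expanded\" -match $pattern) { return $true }
    }
    return $false
}

# 1. Current exclusions as Defender reports them.
$paths = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }
if ($paths -match '^N/A') {
    # Non-elevated sessions may get a placeholder string instead of the list.
    Write-Warning 'Exclusions are hidden from this session; rerun as administrator.'
    return
}

$paths | ForEach-Object {
    [pscustomobject]@{
        ExclusionPath = $_
        Risky         = Test-RiskyExclusion $_
    }
} | Sort-Object Risky -Descending | Format-Table -AutoSize

# 2. Recent configuration changes that added or removed a path exclusion.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\Paths' } |
    Select-Object TimeCreated, Message |
    Format-List
```

An exclusion marked `Risky` that nobody on the team can account for, especially one whose 5007 event has no matching change ticket, is worth investigating along with whatever sits in the excluded directory.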