Sophos: Gootloader is being used to deliver other malware including Kronos Trojan and Cobalt Strike attack kit. The method involves the attackers maintaining a network of servers hosting legitimate but previously compromised websites. In each instance, the attackers inject a mostly unintelligible collection of words and phrases. The goal is to fool search engines into thinking a compromised website is about those words, when in reality it might be about something else entirely, Sophos says. The attackers have developed a method where the site where the malicious file is downloaded is able to construct payloads “on the fly””]