GootKit is widely considered one of the most sophisticated banking Trojans active in the wild. The malware is being used in online banking fraud attacks on consumer and business accounts. IBM X-Force research in January 2017 found that GootKit's developers had modified its architecture and changed the way it operates on the infected endpoints. The most significant change I noticed in recent samples is an architectural expansion. The new network interception method, which now proxies internet traffic through the malware, bypasses certificate validation by hooking other relevant APIs.
Source: https://securityintelligence.com/gootkit-developers-dress-it-up-with-web-traffic-proxy/