Zloader: The malware that has claimed more than 2000 victims in 111 countries

Over the years, cybercrime has grown significantly. Cyber attacks are multiplying, and the damage they cause is often greater than many expect (and frequently irrecoverable).

According to recent reports, cybercriminals have abused Microsoft's digital signature verification to steal personal data from more than 2,000 victims.

Check Point Research (CPR) recently detected a new malware campaign that abuses Microsoft's digital signature verification to steal credentials and sensitive information. The attack is attributed to the Malsmoke cybercriminal group and is based on the ZLoader malware, a banking trojan that allows attackers to steal cookies, passwords, and other data.

Zloader Malware Infection Chain

  1. The attack starts with the installation of a legitimate remote management program disguised as a Java installer.
  2. After installation, the attacker has full access to the system and can upload and download files as well as run scripts. The attacker loads and executes scripts that download further scripts which, in turn, run mshta.exe with the file appContast.dll as a parameter.
  3. The appContast.dll file carries a valid Microsoft signature, although additional data has been appended at the end of the file.
  4. The appended data downloads and executes the final ZLoader payload, which steals the victims' credentials and other personal information.
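Step 3 is the part a defender can check for: Authenticode's hash excludes the attribute certificate table at the end of a PE file, so bytes smuggled into that table after the real PKCS#7 signature do not invalidate the signature unless strict padding checks are enforced. The following script is an added example (not Check Point's tooling and not part of the original article): it parses the PE header, finds the security directory, measures how many bytes sit after the DER-encoded signature inside the certificate table and how many sit after the table altogether, and flags anything beyond the normal 8-byte alignment padding. The PE image it inspects is a constructed, minimal stand-in built in-script; the helper names `build_sample_pe` and `inspect_authenticode_table` are this example's own.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the certificate table


def der_total_length(blob):
    """Total encoded size of the leading DER SEQUENCE in blob, or None if malformed."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def inspect_authenticode_table(pe):
    """Report how much data hides inside or after the Authenticode certificate table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt_off = e_lfanew + 4 + 20                      # after PE signature + COFF header
    magic = struct.unpack_from("<H", pe, opt_off)[0]
    dd_off = opt_off + (112 if magic == 0x20B else 96)  # PE32+ vs PE32 data directories
    # For the security directory, VirtualAddress is a raw file offset, not an RVA.
    tbl_off, tbl_size = struct.unpack_from("<II", pe, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if tbl_size == 0:
        return {"signed": False, "suspicious": False}
    dw_len, _revision, cert_type = struct.unpack_from("<IHH", pe, tbl_off)
    cert = pe[tbl_off + 8: tbl_off + dw_len]          # bCertificate: the PKCS#7 blob
    der_len = der_total_length(cert)
    slack = None if der_len is None else len(cert) - der_len
    after_table = len(pe) - (tbl_off + tbl_size)
    return {
        "signed": True,
        "certificate_type": cert_type,                 # 0x0002 = PKCS#7 SignedData
        "slack_after_signature": slack,                # bytes inside the table past the DER blob
        "bytes_after_table": after_table,              # bytes past the table (hashed, so normally 0)
        # Up to 7 bytes of slack is ordinary 8-byte alignment padding; more is a red flag.
        "suspicious": (slack is not None and slack > 7) or after_table > 0,
    }


def build_sample_pe(cert_slack=0, overlay=b""):
    """Constructed minimal PE32+ image with a fake certificate table (no real signature)."""
    cert_blob = b"\x30\x82\x01\x00" + bytes(256)       # constructed DER SEQUENCE, 260 bytes
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE header at offset 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)  # x64, 0 sections, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)             # PE32+ magic
    table_off = 0x40 + 4 + 20 + 240                   # certificate table right after the headers
    table_len = 8 + len(cert_blob) + cert_slack
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, table_off, table_len)
    table = struct.pack("<IHH", table_len, 0x0200, 0x0002) + cert_blob + b"\xAA" * cert_slack
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + overlay


if __name__ == "__main__":
    print("clean   :", inspect_authenticode_table(build_sample_pe()))
    print("tampered:", inspect_authenticode_table(build_sample_pe(cert_slack=512)))
```

Run it against a real file by replacing the constructed image with `open(path, "rb").read()`. The "suspicious" verdict only says that a signed file carries more bytes than its signature accounts for; a real triage step would still validate the signature itself and inspect what the extra bytes contain.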

The malware, known as ZLoader, already claims more than 2,000 victims in 111 countries. ZLoader is a banking trojan that uses web injection, a technique that, through the injection of malicious code, allows attackers to steal cookies, passwords, and any other sensitive information.

Known for distributing malware, ZLoader was identified in September 2021 by the US Cybersecurity and Infrastructure Security Agency (CISA) as part of an investigation into the spread of Conti ransomware.
