News by Xiaomi Miui Hellas
Press release

Caution: Malicious software exploits Microsoft e-signature verification


Check Point Research (CPR) has observed a new malware campaign that abuses Microsoft's digital signature verification to steal victims' sensitive information.


Known as ZLoader, the malware is a banking trojan that uses web injection to steal cookies, passwords and other sensitive information.

ZLoader has been used to deliver ransomware in the past: in September 2021 it appeared on CISA's radar as a distribution mechanism for Conti ransomware, and in the same month Microsoft reported that ZLoader's operators were buying Google keyword ads to distribute various malware strains, including Ryuk ransomware.



Today CPR is publishing a report detailing the reappearance of ZLoader in a campaign that has claimed over 2,000 victims in 111 countries. CPR attributes the campaign to the cybercriminal group MalSmoke.

How the attack takes place

1. The attack begins with the installation of a legitimate remote management program disguised as a Java installer.
2. Once it is installed, the attacker has full access to the system and can upload and download files and run scripts. The attacker uploads and runs scripts that download further scripts, which launch mshta.exe with the file appContast.dll as its argument.
3. appContast.dll carries a valid Microsoft signature, but extra data has been added to the end of the file. The signature still verifies on a default Windows installation because the Authenticode hash does not cover the certificate table at the end of the file, which is exactly the gap that Microsoft's optional strict verification closes.
4. The added data downloads and executes the final payload, ZLoader, which steals user credentials and personal information from the victims.
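The trick in steps 3 and 4 can be checked for directly. The following is an added example, not code from Check Point's report or from this article: it parses a PE file, locates the Authenticode certificate table (data directory entry 4), measures how many bytes follow the PKCS#7 SignedData structure inside that table and how many follow the table itself, and flags anything beyond the up-to-7 bytes of 8-byte alignment padding a legitimately signed file carries. The build_signed_pe helper is a constructed fixture with a stand-in DER blob where a real signature would be; inspect_signature and its "<script" marker heuristic are assumptions of this example, not Check Point's detection logic.

```python
# Added example: detect extra bytes smuggled into or after an Authenticode
# certificate table. Authenticode's hash excludes that table, so such bytes
# leave the signature valid unless strict verification is enabled.
import struct

SECURITY_DIR_INDEX = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_HEADER = struct.Struct("<IHH")     # dwLength, wRevision, wCertificateType


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    optional = e_lfanew + 4 + 20            # skip "PE\0\0" and the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, optional)[0]
    # data directories start 96 bytes into a PE32 optional header, 112 for PE32+
    directories = optional + {0x10B: 96, 0x20B: 112}[magic]
    # unlike every other directory, the security entry holds a file offset, not an RVA
    return struct.unpack_from("<II", pe, directories + SECURITY_DIR_INDEX * 8)


def der_sequence_length(buf: bytes) -> int:
    """Total encoded length of the DER SEQUENCE (the PKCS#7 SignedData) at buf[0]."""
    if not buf or buf[0] != 0x30:
        raise ValueError("certificate blob does not start with a DER SEQUENCE")
    first = buf[1]
    if first < 0x80:                        # short-form length
        return 2 + first
    n = first & 0x7F                        # long-form: n length bytes follow
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def inspect_signature(pe: bytes) -> dict:
    """Report slack inside the WIN_CERTIFICATE entry and any overlay after it."""
    offset, size = security_directory(pe)
    if size == 0:
        return {"signed": False}
    dw_length, _revision, cert_type = WIN_CERT_HEADER.unpack_from(pe, offset)
    blob = pe[offset + WIN_CERT_HEADER.size: offset + dw_length]
    pkcs7_len = der_sequence_length(blob)
    slack = blob[pkcs7_len:]                # bytes after the PKCS#7 structure
    overlay = pe[offset + size:]            # bytes after the whole certificate table
    return {
        "signed": True,
        "cert_type": cert_type,             # 0x0002 = WIN_CERT_TYPE_PKCS_SIGNED_DATA
        "slack_bytes": len(slack),
        "overlay_bytes": len(overlay),
        # a clean file has at most 7 bytes of alignment padding and nothing after the table
        "suspicious": len(slack) > 7 or len(overlay) > 0,
        # heuristic (assumption of this example): script text is what mshta.exe would run
        "script_marker": b"<script" in (slack + overlay).lower(),
    }


def build_signed_pe(inside_signature: bytes = b"", after_table: bytes = b"") -> bytes:
    """Constructed minimal PE32+ fixture: headers plus a certificate table, no sections."""
    fake_pkcs7 = b"\x30\x03\x02\x01\x05"    # stand-in SEQUENCE, not a real signature
    content = fake_pkcs7 + inside_signature
    pad = -(WIN_CERT_HEADER.size + len(content)) % 8
    table = WIN_CERT_HEADER.pack(WIN_CERT_HEADER.size + len(content) + pad, 0x0200, 0x0002)
    table += content + b"\0" * pad
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    table_offset = len(dos) + len(coff) + 240                     # 328, 8-byte aligned
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR_INDEX] = (table_offset, len(table))
    optional = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    optional += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + coff + optional + table + after_table


if __name__ == "__main__":
    samples = {
        "clean": build_signed_pe(),
        "script inside signature": build_signed_pe(inside_signature=b"<script>x</script>"),
        "data after table": build_signed_pe(after_table=b"Z" * 40),
    }
    for label, sample in samples.items():
        print(label, inspect_signature(sample))
```

For a real file, pass its bytes, for example inspect_signature(open(path, "rb").read()). A verdict of "suspicious" does not by itself mean the file is malicious, but a Microsoft-signed DLL with a few hundred bytes of readable script after its SignedData blob is exactly the artefact described in step 3 above.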

Figure 1. Simplified image of the infection chain

Victims
So far, CPR has recorded 2,170 unique victims. Most of them are in the United States, followed by Canada and India.

Figure 2. Number of victims per country

Attribution:
CPR assesses that the cybercriminals behind the campaign are MalSmoke, given similarities to previous campaigns.

Disclosure:
CPR has informed Microsoft and Atera of its findings.

Kobi Eisenkraft, Malware Researcher at Check Point, said:

People should be aware that they cannot immediately trust the digital signature of a file. What we found was a new ZLoader campaign that exploits Microsoft's digital signature verification to steal users' sensitive information. We first started to see elements of the new campaign around November 2021.

The attackers to whom we attribute the attack are MalSmoke, who seek to steal users' credentials and personal information from victims. So far, we have counted over 2,170 victims in 111 countries, and counting. Overall, it seems that the operators of the ZLoader campaign are making great efforts to avoid detection and continue to update their methods on a weekly basis.

I urge users to apply Microsoft's update for strict Authenticode verification, as it is not enabled by default.

Security tips

  1. Apply Microsoft's update for strict Authenticode verification. It is not enabled by default: the update ships the check switched off, and it is turned on by setting the REG_SZ value EnableCertPaddingCheck to 1 under HKLM\SOFTWARE\Microsoft\Cryptography\Wintrust\Config (and, on 64-bit Windows, under the matching Wow6432Node path). With it enabled, a signed file with extra bytes in its certificate table fails signature verification.
  2. Do not install programs from unknown sources or websites.
  3. Do not open unknown links or attachments that you receive by e-mail.


