Tuesday, January 26, 16:03

ZLoader banking malware is back! It was found in 100 malicious campaigns

A banking malware called ZLoader, which last appeared in early 2018, has been detected in more than 100 email campaigns since the beginning of the year.

The Trojan is in active development, with 25 versions appearing since its return in December 2019 and the latest observed this month.


The malicious spam campaigns target users in the US, Canada, Germany, Poland and Australia with lures related to COVID-19 and invoices.

Researchers at Proofpoint note in a report published today that the ZLoader being distributed differs from the original variant observed between 2016 and 2018.

Multiple threat actors distribute this strain in at least one malicious email campaign a day. They use PDF files that link to a Microsoft Word document containing macro code that downloads and executes a version of ZLoader.
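The delivery chain described above (a PDF whose link leads to a Word document) can be triaged by listing a PDF attachment's link targets and flagging those that point at Word files. This is an added example, not code from the article or from Proofpoint; the function names and sample bytes are constructed for illustration, and it only reads uncompressed PDF objects.

```python
import re
from urllib.parse import urlparse

# Word document extensions; the chain on this page links a PDF to a Word file.
WORD_EXTS = (".doc", ".docm", ".dot", ".dotm", ".docx", ".rtf")

# /URI followed by a PDF literal string "( ... )" with backslash escapes.
# Limitation: unescaped nested parentheses end the match early.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# /URI followed by a PDF hex string "<6874...>".
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")

def pdf_link_targets(data: bytes) -> list:
    """Return URI action targets found in uncompressed PDF objects.

    Links stored inside compressed object streams are not seen; inflate
    those first if the gateway needs full coverage.
    """
    found = []
    for m in URI_LITERAL.finditer(data):
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # unescape \( \) \\
        found.append(raw.decode("latin-1"))
    for m in URI_HEX.finditer(data):
        hexstr = re.sub(rb"\s", b"", m.group(1))
        if len(hexstr) % 2:          # PDF rule: odd-length hex is padded with 0
            hexstr += b"0"
        found.append(bytes.fromhex(hexstr.decode()).decode("latin-1"))
    return found

def links_to_word_docs(data: bytes) -> list:
    """Return only the link targets whose URL path ends in a Word extension."""
    return [u for u in pdf_link_targets(data)
            if urlparse(u).path.lower().endswith(WORD_EXTS)]

# Constructed sample: three link annotations, not taken from a real campaign.
SAMPLE = (
    b"%PDF-1.4\n"
    b"5 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://files.example.test/invoice_0420.doc) >> >> endobj\n"
    b"6 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://example.test/help.html) >> >> endobj\n"
    b"7 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI <687474703a2f2f6578616d706c652e746573742f612e646f636d> >> >> endobj\n"
)

if __name__ == "__main__":
    for uri in links_to_word_docs(SAMPLE):
        print("PDF links to Word document:", uri)
```

A hit is a reason to hold the message for sandboxing or macro inspection of the linked file, not proof of ZLoader on its own.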

From March, phishing emails about COVID-19 began to circulate. One of the emails purports to warn recipients of fraud related to the new coronavirus pandemic.

IBM X-Force described these campaigns as using quite convincing documents that are said to contain details of state aid payments.

The current variant lacks some advanced features seen in its predecessor. For example, code obfuscation and string encryption are missing. Nevertheless, it remains a significant threat.

It uses web injections to steal credentials and private banking information from victims, as well as sensitive data stored in browsers, such as cookies and passwords.

The threat actor uses this data to log in to the victim's online bank account. Using a VNC (Virtual Network Computing) client, they perform transactions from the compromised computer.

This does not raise suspicion at the bank, as the transfer originates from the customer's own computer using the correct credentials. It also makes it harder to dispute fraudulent transactions.

ZLoader is also known as Zeus Sphinx, Terdot and DELoader. It is a variant of the infamous Zeus, which was used to steal tens of millions in 2010.

In the past, Zeus was priced between $3000 and $4000 and was the top malware used by criminals specializing in financial fraud.



Teo Ehc