A banking malware called ZLoader, which last appeared in early 2018, has been detected in more than 100 email campaigns since the beginning of the year.
The Trojan is in active development, with 25 versions appearing since its return in December 2019 and the latest observed this month.
Malicious spam campaigns target users in the US, Canada, Germany, Poland and Australia with lures related to COVID-19 topics and invoices.
Researchers at Proofpoint note in a report today that the ZLoader distributed this way differs from the original variant observed between 2016 and 2018.
Multiple actors distribute the malware strain in at least one malicious email campaign a day. They use PDF files that link to a Microsoft Word document with macro code that downloads and executes a version of ZLoader.
Starting in March, phishing emails about COVID-19 began to circulate. One of the emails purports to warn recipients of fraud related to the new coronavirus pandemic.
IBM X-Force noted these campaigns, which use quite convincing documents said to contain details of state aid payments.
The current variant lacks some advanced features seen in its predecessor. For example, code obfuscation and string encryption are missing. Nevertheless, it remains a significant threat.
It uses web injections to steal credentials and private banking information from victims, as well as sensitive data stored in browsers, such as passwords.
This does not raise suspicion at the bank, as the transfer originates from the customer's computer using the correct credentials. It also makes fraudulent transactions harder to dispute.
ZLoader is also known as Zeus Sphinx, Terdot and DELoader. It is a variant of the infamous Zeus, which was used to steal tens of millions in 2010.
In the past, Zeus was priced between $3000 and $4000 and was the top malware used by criminals specializing in financial fraud.