The widely used malware ZLoader crops up in all sorts of criminal hacking, from efforts that aim to steal banking passwords and other sensitive data to ransomware attacks. Now, a ZLoader campaign that began in November has infected almost 2,200 victims in 111 countries by abusing a Windows flaw that Microsoft fixed back in 2013.

Hackers have long used a variety of tactics to sneak ZLoader past malware detection tools. In this case, according to researchers at security firm Check Point, the attackers took advantage of a gap in Microsoft's signature verification, the integrity check for ensuring that a file is legitimate and trustworthy. First, they'd trick victims into installing a legitimate remote IT management tool called Atera to gain access and device control; that part's not particularly surprising or novel. From there, though, the hackers still needed to install ZLoader without Windows Defender or another malware scanner detecting or blocking it.

This is where the nearly decade-old flaw came in handy. Attackers could modify a legitimate "Dynamic-link library" file (a common file shared between multiple pieces of software to load code) to plant their malware. The target DLL file is digitally signed by Microsoft, which proves its authenticity. But attackers were able to inconspicuously append a malicious script to the file without impacting Microsoft's stamp of approval.

"We have a fix, but nobody uses it," Eisenkraft says. "As a result, a lot of malware would be able to get into companies and personal computers using this method."

The recent ZLoader attacks primarily targeted victims in the United States, Canada, and India. Other recent ZLoader attacks from an array of actors have used malicious word processing documents, tainted websites, and malicious ads to distribute the malware.
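As an added example (not from the article, Check Point, or Microsoft), the following Python check locates a PE file's Authenticode blob through the security data directory and verifies that everything after the PKCS#7 structure inside the WIN_CERTIFICATE entry is zero padding. Non-zero trailing bytes there are the kind of appended content the article describes: the signature hash does not cover that region, so the file still verifies unless the stricter padding check is enforced. The sample PE skeleton and its stand-in signature are constructed here for demonstration; pass the bytes of a real binary to `check_pe_signature_padding` to inspect it.

```python
import struct

def der_element_len(blob: bytes) -> int:
    """Total length (header + content) of the DER SEQUENCE at blob[0]."""
    if blob[0] != 0x30:
        raise ValueError("PKCS#7 SignedData must start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n following length bytes
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def check_win_certificate(entry: bytes) -> dict:
    """WIN_CERTIFICATE = dwLength, wRevision, wCertificateType, bCertificate[].
    Bytes after the DER blob but inside dwLength are padding that the signature
    hash does not cover; a trustworthy file has only zeros there."""
    dw_length, revision, cert_type = struct.unpack_from("<IHH", entry, 0)
    cert = entry[8:dw_length]
    der_len = der_element_len(cert)
    trailing = cert[der_len:]
    return {"signed": True, "revision": revision, "cert_type": cert_type,
            "trailing_bytes": len(trailing), "padding_clean": not any(trailing)}

def check_pe_signature_padding(pe: bytes) -> dict:
    """Find the Authenticode blob through the security data directory (index 4)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                           # optional header after COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd_base = opt + (112 if magic == 0x20B else 96)   # data directories: PE32+ vs PE32
    sec_off, sec_size = struct.unpack_from("<II", pe, dd_base + 4 * 8)
    if sec_size == 0:
        return {"signed": False}
    return check_win_certificate(pe[sec_off:sec_off + sec_size])

def build_sample_pe(padding: bytes) -> bytes:
    """Constructed PE32+ skeleton (headers + signature directory only), for demonstration."""
    e_lfanew, opt_size = 0x40, 112 + 16 * 8
    headers_end = e_lfanew + 24 + opt_size
    fake_pkcs7 = b"\x30\x05\x02\x03abc"               # stand-in SEQUENCE, not a real signature
    body = fake_pkcs7 + padding
    win_cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    pe = bytearray(headers_end)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, e_lfanew)
    pe[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", pe, e_lfanew + 24, 0x20B)
    struct.pack_into("<II", pe, e_lfanew + 24 + 112 + 32, headers_end, len(win_cert))
    return bytes(pe) + win_cert
```

A result with `padding_clean` set to False is a file worth quarantining and analysing even though the standard signature check still reports it as valid; the opt-in `EnableCertPaddingCheck` value under `HKLM\Software\Microsoft\Cryptography\Wintrust\Config` is the Windows-side setting that makes verification reject this condition.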