Security News > 2021 > September > New Zloader attacks disable Windows Defender to evade detection
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus on victims' computers to evade detection.
According to Microsoft's stats, Microsoft Defender Antivirus is the anti-malware solution pre-installed on more than 1 billion systems running Windows 10.
From there, they are tricked into downloading signed and malicious MSI installers designed to install Zloader malware payloads on their computers.
"The attack chain analyzed in this research shows how the complexity of the attack has grown in order to reach a higher level of stealthiness," said SentinelLabs security researchers Antonio Pirozzi and Antonio Cocomazzi in a report published today.
Zloader is a banking trojan initially spotted back in August 2015 when it was used to attack several British financial targets' customers.
"This is the first time we have observed this attack chain in a ZLoader campaign," SentinelLabs' researchers concluded.
News URL
Related news
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)