Security News > 2021 > September > New Zloader attacks disable Windows Defender to evade detection
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus on victims' computers to evade detection.
According to Microsoft's stats, Microsoft Defender Antivirus is the anti-malware solution pre-installed on more than 1 billion systems running Windows 10.
From there, they are tricked into downloading signed and malicious MSI installers designed to install Zloader malware payloads on their computers.
"The attack chain analyzed in this research shows how the complexity of the attack has grown in order to reach a higher level of stealthiness," said SentinelLabs security researchers Antonio Pirozzi and Antonio Cocomazzi in a report published today.
Zloader is a banking trojan initially spotted back in August 2015 when it was used to attack several British financial targets' customers.
"This is the first time we have observed this attack chain in a ZLoader campaign," SentinelLabs' researchers concluded.
News URL
Related news
- Critical Rust flaw enables Windows command injection attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Researchers claim Windows Defender can be fooled into deleting databases (source)