MalSmoke attack: Zloader malware exploits Microsoft's signature verification to steal sensitive data

Security News, January 2022

A new malware campaign is taking advantage of a weakness in the way Windows verifies the digital signature on a signed executable file.

As described on Wednesday by cyber threat intelligence firm Check Point Research, the campaign uses the infamous Zloader banking malware to steal account credentials and other private data, and at the time of the report it had already infected 2,170 unique machines that downloaded the malicious DLL involved in the attack.

The operators take a legitimately Microsoft-signed Windows DLL and inject their malicious payload into it in a way that leaves the signature intact, so the file slips past defenses that trust signed Microsoft binaries. A script in the infection chain runs the executable, and this is the point at which the hole in Microsoft's signature verification is exploited.

On analysis, Check Point found that the modified file still carries a valid Microsoft signature. The operators appended data to the file's signature section (the Authenticode certificate table), and because that region is excluded from the hash the signature covers, the appended bytes do not invalidate the signature under Windows' default verification.