MalSmoke attack: Zloader malware exploits Microsoft's signature verification to steal sensitive data
2022-01-05 17:05

A new malware campaign is taking advantage of a vulnerability in the way Microsoft digitally signs a specific file type.

As described on Wednesday by cyber threat intelligence firm Check Point Research, an attack using the infamous Zloader banking malware aims to steal account credentials and other private data and has already infected 2,170 unique machines that downloaded the malicious DLL file involved in the exploit.

The attackers exploit Microsoft's digital signature verification method to inject their malicious payload into a signed Windows DLL file and slip past security defenses.

A script then runs an executable file, and that is where the operators exploit a hole in Microsoft's signature verification.

Upon analysis, Check Point discovered that this file is signed by Microsoft with a valid signature.

This is because the operators were able to append data to the signature section of the file without changing the validity of the signature itself.
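A defender can triage for this condition by comparing each certificate-table entry's declared length with the length of the signed DER structure inside it. The sketch below is an added example, not code from Check Point or the article; the function names, the 7-byte padding threshold (derived from the 8-byte alignment of certificate entries) and the header-only sample buffer are assumptions constructed for illustration.

```python
import struct

def der_total_length(blob):
    """Size of the outer DER element: tag + length octets + value."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("certificate blob is not a DER SEQUENCE")
    if blob[1] < 0x80:
        return 2 + blob[1]
    n = blob[1] & 0x7F
    if n == 0 or len(blob) < 2 + n:
        raise ValueError("indefinite or truncated DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def security_directory(pe):
    """(file offset, size) of the certificate table, data directory 4."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                      # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ vs PE32
    return struct.unpack_from("<II", pe, dirs + 4 * 8)

def appended_signature_data(pe):
    """List (offset, bytes) found after the signed blob in each entry."""
    offset, size = security_directory(pe)
    findings, pos, end = [], offset, offset + size
    while pos + 8 <= end:
        length, _rev, _type = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            break
        blob = pe[pos + 8:pos + length]
        extra = blob[der_total_length(blob):]
        if len(extra) > 7 or any(extra):     # more than zero padding
            findings.append((pos, bytes(extra)))
        pos += (length + 7) & ~7             # entries are 8-byte aligned
    return findings

def build_sample(extra=b""):
    """Constructed header-only PE32 buffer with one certificate entry."""
    body = bytes.fromhex("300402020100") + extra   # toy DER, not real PKCS#7
    body += b"\0" * (-(8 + len(body)) % 8)
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    hdr = bytearray(312)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<H", hdr, 0x58, 0x10B)
    struct.pack_into("<II", hdr, 0xD8, 312, len(cert))
    return bytes(hdr) + cert
```

A non-empty result means the entry carries bytes that the signed structure does not account for; treat it as a triage signal to investigate alongside the signature check, not as a verdict on its own.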


News URL

https://www.techrepublic.com/article/malsmoke-attack-zloader-malware-exploits-microsofts-signature-verification-to-steal-sensitive-data/#ftag=RSS56d97e7