
Microsoft code-sign check bypassed to drop Zloader malware
2022-01-05 11:00

A new Zloader campaign abuses Microsoft's digital signature verification to deploy malware payloads and steal user credentials from thousands of victims across 111 countries.

Zloader is a banking malware first spotted back in 2015 that can steal account credentials and various types of sensitive private information from infiltrated systems.

More recently, Zloader has been used to drop further payloads on infected devices, including ransomware such as Ryuk and Egregor.

In the most recent campaign, tracked and analyzed by researchers at Check Point, the infection begins with delivering a "Java.msi" file that's a modified installer of Atera.

The attackers then gain full remote access to the system, which allows them to execute scripts and upload or download files, most notably Zloader malware payloads.

The DLL that executes the Zloader payload and the registry-editing script both carry a valid code signature, so the OS essentially trusts them.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-code-sign-check-bypassed-to-drop-zloader-malware/
