Security News, January 2022: Microsoft code-sign check bypassed to drop Zloader malware

A new Zloader campaign abuses a weakness in Microsoft's Authenticode signature verification to deploy malware payloads and steal user credentials; Check Point counted more than two thousand victims across 111 countries.
Zloader is a banking trojan first spotted in 2015 that steals account credentials and other sensitive data from the systems it infects.
More recently, Zloader has also been used as a loader that drops further payloads on infected devices, including the Ryuk and Egregor ransomware.
In the most recent campaign, tracked and analyzed by researchers at Check Point, the infection starts with a file named "Java.msi", a modified installer for the legitimate Atera remote-management agent that enrolls the victim's machine under an account the attackers control.
Once the agent is installed, the attackers have full remote access to the system: they can run scripts and upload or download files, which they use to push the Zloader payload itself.
The DLL that launches the Zloader payload, together with the registry-editing script it carries, still passes Windows' signature check, so the operating system treats it as trusted. The attackers took a legitimately signed Microsoft DLL and appended their script to the end of its Authenticode signature block; the default verification logic does not insist that the signature entry contain nothing beyond the signed PKCS#7 data, so the tampered file still reports a valid signature. This is the long-known Authenticode padding issue (CVE-2013-3900): Microsoft shipped a stricter check in 2013 but left it opt-in, enabled by setting the EnableCertPaddingCheck value under HKLM\Software\Microsoft\Cryptography\Wintrust\Config (and the matching Wow6432Node path on 64-bit systems) to "1". Machines that have not turned it on continue to accept such files as validly signed.
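The check below is an added example, not code from Check Point or Microsoft. It parses just enough of a PE file to find the Attribute Certificate Table, reads the WIN_CERTIFICATE entry, and compares the entry's declared dwLength with the DER-encoded length of the PKCS#7 SignedData it holds. Any non-zero bytes between the end of the DER object and the end of the entry are not covered by the signature hash, which is exactly the slack a script can be hidden in. The sample PE it analyzes is constructed here (dummy headers and a dummy DER blob, not a real signed binary); the appended script text is likewise a constructed placeholder.

```python
"""Flag Authenticode signature entries that carry unsigned trailing data."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4

# Constructed placeholder for an appended script; not the campaign's real payload.
SCRIPT = b"@echo off\r\necho appended script\r\n"


def der_sequence_length(buf: bytes, off: int = 0) -> int:
    """Total size (tag + length bytes + content) of the DER SEQUENCE at buf[off:]."""
    if buf[off] != 0x30:
        raise ValueError("expected DER SEQUENCE tag (0x30)")
    first = buf[off + 1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
    return 2 + n + length


def security_directory(pe: bytes):
    """Return (file_offset, size) of the Attribute Certificate Table, or None if unsigned."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20               # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                    # PE32
        dd = opt + 96
    elif magic == 0x20B:                  # PE32+
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # For this directory the "VirtualAddress" field is a raw file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (off, size) if size else None


def inspect_signature_block(pe: bytes) -> dict:
    """Report how much of the WIN_CERTIFICATE entry lies outside the signed PKCS#7 blob."""
    sec = security_directory(pe)
    if sec is None:
        return {"signed": False}
    off, size = sec
    dw_length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)
    der_len = der_sequence_length(pe, off + 8)          # bCertificate starts 8 bytes in
    slack = pe[off + 8 + der_len: off + dw_length]      # bytes not covered by the hash
    return {
        "signed": True,
        "cert_type": cert_type,                         # 0x0002 = WIN_CERT_TYPE_PKCS_SIGNED_DATA
        "dwLength": dw_length,
        "pkcs7_length": der_len,
        "unsigned_bytes": len(slack),                   # legitimate files: a few zero pad bytes
        "suspicious": bool(any(slack)),                 # any non-zero slack is smuggled content
        "bytes_after_table": len(pe) - (off + size),
    }


def build_sample_pe(appended: bytes = b"") -> bytes:
    """Constructed minimal PE32+ image carrying a dummy 'signature'; not a real binary."""
    dummy_pkcs7 = b"\x30\x82\x00\x10" + b"\xAA" * 0x10  # DER SEQUENCE with 16 content bytes
    cert = dummy_pkcs7 + appended
    cert += b"\0" * ((-len(cert) - 8) % 8)              # entry length must be a multiple of 8
    win_cert = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
    hdr = bytearray(512)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)               # e_lfanew
    hdr[64:68] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 68, 0x8664, 0)         # Machine = x64, no sections
    struct.pack_into("<H", hdr, 84, 240)                # SizeOfOptionalHeader (PE32+)
    struct.pack_into("<H", hdr, 88, 0x20B)              # PE32+ magic
    struct.pack_into("<I", hdr, 88 + 108, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, 88 + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     len(hdr), len(win_cert))
    return bytes(hdr) + win_cert


if __name__ == "__main__":
    print("clean   :", inspect_signature_block(build_sample_pe()))
    print("tampered:", inspect_signature_block(build_sample_pe(SCRIPT)))
```

To run it against a real file, pass `open(path, "rb").read()` to `inspect_signature_block`. A clean signed binary shows at most seven zero bytes of slack; a non-zero `unsigned_bytes` region is worth pulling out and reading, since whatever sits there was never hashed into the signature.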