
Microsoft disrupts Zloader malware in global operation
2022-04-13 16:36

A months-long global operation led by Microsoft's Digital Crimes Unit has taken down dozens of domains used as command-and-control servers by the notorious ZLoader botnet.

The court order obtained by Microsoft allowed it to sinkhole 65 hardcoded domains used by the ZLoader cybercrime gang to control the botnet and another 319 domains registered using the domain generation algorithm used to create fallback and backup communication channels.

"During our investigation, we identified one of the perpetrators behind the creation of a component used in the ZLoader botnet to distribute ransomware as Denis Malikov, who lives in the city of Simferopol on the Crimean Peninsula," explained Amy Hogan-Burney, the DCU General Manager.

Zloader is a widely known banking trojan first spotted in August 2015, when it was deployed in attacks against the customers of several British financial companies.

The malware has been used to target banks worldwide, from Australia and Brazil to North America, with the end goal of harvesting financial data via web injections that use social engineering to trick infected bank customers into handing over authentication codes and credentials.

Zloader also features backdoor and remote access capabilities, and it can be used as a malware loader to drop additional payloads on infected devices.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-disrupts-zloader-malware-in-global-operation/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 49 1368 2821 162 4400