Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation
Security News, April 2022
Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts.
"ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money," Amy Hogan-Burney, general manager of Microsoft's Digital Crimes Unit, said.
"ZLoader has remained relevant as attackers' tool of choice by including defense evasion capabilities, like disabling security and antivirus tools, and selling access-as-a-service to other affiliate groups, such as ransomware operators," Microsoft said.
Campaigns involving ZLoader have gained initial access to target machines through phishing emails, abuse of remote management software, and rogue Google Ads, and have relied on several defense evasion tactics once inside, including injecting malicious code into legitimate processes.
The takedown effort is reminiscent of a global operation to disrupt the notorious TrickBot botnet in October 2020.
"Like many modern malware variants, getting ZLoader onto a device is oftentimes just the first step in what ends up being a larger attack," Microsoft said.
News URL
https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html