The Hacker News -
Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions.
“The malware is downloaded from a Google advertisement published through Google Adwords,” researchers from SentinelOne said in a report published on Monday. “In this campaign, the attackers use an indirect way to compromise victims instead of using the classic approach of compromising the victims directly, such as by phishing.”
First discovered in 2016, ZLoader (aka Silent Night and ZBot) is a fully-featured banking trojan and a fork of another banking malware called ZeuS, with newer versions implementing a VNC module that grants adversaries remote access to victim systems. The malware is in active development, with criminal actors spawning an array of variants in recent
The post New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads first appeared on The Hacker News.