ZLoader: What it is, how it works and how to prevent it | Malware spotlight [2022 update]

Zloader is a popular banking trojan, first discovered in 2016, that is an improvement on the Zeus trojan.

Zloader is a popular variant of the Zeus trojan that hit the banking industry in 2007. Before 2020, it was last seen in the summer of 2018. It has seen a significant increase in presence on the web since Jan. 1, 2020. It has been disseminated in several campaigns worldwide, affecting victims in the United States, Canada, Australia, Poland and Germany. 

Zloader relies on phishing campaigns that lure victims into opening malicious attachments in resumes/CVs, invoices and MS Office documents.

Figure 1: A Zloader phishing email with a malicious MS Office (.doc) file attached.

In addition, Zloader, also known as Zbot, is under active development and has spawned different versions in recent months. These variants are a clear result of the Zeus source-code leak in 2011.

Technical details

Zloader is a trojan designed to steal cookies, passwords and sensitive information. The main targets of this piece of malware are users of financial institutions worldwide. Although there are many workflows describing Zloader available on the internet, we decided to introduce the graphic illustrated in Figure 2 by Microsoft as it

Read More: https://resources.infosecinstitute.com/topic/zloader-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/