ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

Threat Post -

The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in.

A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found.

That’s according to SentinelLabs, which said that to lower the rates of detection, the infection chain for the campaign also includes the use of a signed dropper, plus a backdoored version of the Windows utility wextract.exe to embed the ZLoader payload itself.

ZLoader has been around a while, one of many malware forks rising from the ashes of the Zeus banking trojan after its source code was published nearly 10 years ago.

“[It] is a typical banking trojan which implements web injection to steal cookies, passwords and any sensitive information,” SentinelLabs

The post ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender originally appeared on Threat Post.

Read More.....