9-year-old Windows flaw abused to drop ZLoader malware in 111 countries

The vulnerability was identified and fixed in 2013, but in 2014 Microsoft revised the fix, allowing Malsmoke hackers to spread ZLoader malware in 2022.

Israel-based cybersecurity firm Check Point Research has been assessing a sophisticated infection chain since Nov 2021. Researchers have now published their report, stating that a new ZLoader malware campaign is underway and has already stolen data and credentials of more than 2000 victims across 111 countries as of 2 Jan 2022.

In the new campaign, attackers exploit remote monitoring tools and a 9-year-old flaw in Microsoft’s digital signature verification (tracked as CVE-2013-3900) to steal user passwords and sensitive personal data.

What is ZLoader?

ZLoader, as previously reported by Hackread.com, is a banking Trojan. It utilizes web injection to steal passwords, browser cookies, and sensitive user data and is suspected of delivering Ryuk and Conti ransomware variants.

In previous incidents involving ZLoader, the trojan was delivered through traditional phishing email campaigns as well as by abusing online advertising platforms.

About the Campaign

Users in the USA, Canada, Australia, India, and Indonesia are primarily impacted by this campaign. According to Check Point researchers, malware is hidden under several layers of obfuscation and other detection

Read More: https://www.hackread.com/9-year-old-windows-flaw-zloader-malware/