The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – has already claimed more than 2,000 victims across 111 countries.
Threat actors are exploiting Microsoft’s digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found.
Researchers at Check Point Research (CPR) discovered the cybercriminal group Malsmoke delivering the campaign, which they traced back to November 2021, according to a report posted online Wednesday.
“What we found was a new ZLoader campaign exploiting Microsoft’s digital signature verification to steal sensitive information of users,” warned Kobi Eisenkraft, a malware researcher at CPR. “People need to know that they can’t immediately trust a file’s digital signature.”
Attackers have already claimed 2,170 unique victims in 111 countries, mainly in the United States, Canada and India.
Moreover, attackers are updating attack methods “on a weekly basis” in an evolving campaign that remains very much active, Eisenkraft said.
ZLoader is a banking trojan that uses web injection to steal cookies, passwords and other sensitive information from victims’ machines. It attracted the attention of the Cybersecurity Infrastructure