Hackers exploit old Microsoft Vulnerability to drop Zloader Malware


Hackers have been delivering Zloader malware to Windows machines since November last year, and reports indicate that the malicious tool has already targeted over 2,848 victims in 111 countries so far.

Highly placed sources say that the malware has been distributed via a phishing campaign run by a cyber threat group named MalSmoke.

Check Point researchers, who discovered Zloader, reiterated that the malware can steal other sensitive information and can also deliver ransomware payloads such as Ryuk and Egregor.

The distribution method is simple: lure online victims into clicking malicious links hidden in A-rated photos or videos, or spam them with emails impersonating banks and large tech corporations such as Microsoft.

Interestingly, the payload carries registry-editing scripts inside a file that still bears a valid code signature, so the operating system treats it as trusted.

Microsoft, which addressed this security vulnerability in 2012-13 by introducing stricter file verification policies, is urging admins to follow its legacy advisory published in August 2013 in order to fix the issue.

Downloading files only from trustworthy websites and never opening emails sent by unknown senders will help in avoiding a Zloader infection. Keeping systems equipped with anti-spyware or antivirus software also makes complete sense.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security