New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analys...
ZLoader’s Resurgence after Two Years in the Shadows
Summary: Zloader is a highly sophisticated Trojan originating from the leaked Zeus source code. Notable for its adaptive nature, the malware has evolved continuously with each campaign since its debut in August 2015. After nearly two years of dormancy, Zloader reemerged with new iterations. Threat...
Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group...
Conti’s Ransomware Toll on the Healthcare Industry
Conti -- one of the most ruthless and successful Russian ransomware groups -- publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 20...
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be...
Microsoft is now disabling Excel 4.0 macros by default
Back in October 2021, Microsoft announced in an email sent to customers that it planned to disable Excel 4.0 macros by default to protect customers from malicious documents. Now, Microsoft says that change has happened. Sometimes good news in the security world comes later than expected...
9-year-old Windows flaw abused to drop ZLoader malware in 111 countries
By Waqas. The vulnerability was identified and fixed in 2013, but in 2014 Microsoft revised the fix.
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Threat actors are exploiting Microsoft’s digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research...
New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been trackin...
This Week in Security News – October 1, 2021
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Zloader, a notable recent ZBOT variant. Also, read on a recently introduced bill that would mandate ransom payment reporting...
Fake TeamViewer download ads distributing new ZLoader variant
By Deeba Ahmed. According to researchers, the new campaign uses fake TeamViewer download ads to trick users into downloading the Zloader malware.
ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender
A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. That’s according to SentinelLabs, which said that to lower the rates of detection, the infection...
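A practitioner reading the entry above will want a quick way to tell whether Defender on a given host has been switched off the way that campaign is described as doing. The following PowerShell audit is an added example and is not code from the article or from SentinelLabs. The property and event names are the real ones exposed by Get-MpPreference, Get-MpComputerStatus and the Defender operational log; which settings count as tampering, and the thresholds used, are this example's own choices.

```powershell
# Added example (not from the article or SentinelLabs): audit the Defender settings a
# campaign like this one has to change in order to switch modules off. Property names
# are those exposed by Get-MpPreference / Get-MpComputerStatus; the choice of which
# ones count as tampering is this example's own. Run in an elevated PowerShell.
function Test-DefenderTampering {
    $pref     = Get-MpPreference
    $status   = Get-MpComputerStatus
    $findings = [System.Collections.Generic.List[string]]::new()

    # Switches an attacker can flip with "Set-MpPreference -Disable<Module> $true"
    foreach ($t in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                   'DisableIOAVProtection', 'DisableScriptScanning',
                   'DisableBlockAtFirstSeen', 'DisableArchiveScanning') {
        if ($pref.$t) { $findings.Add("Preference $t is True") }
    }
    # MAPSReporting 0 = cloud protection off; SubmitSamplesConsent 2 = never send samples
    if ($pref.MAPSReporting -eq 0)        { $findings.Add('Cloud-delivered protection (MAPSReporting) is off') }
    if ($pref.SubmitSamplesConsent -eq 2) { $findings.Add('Sample submission is set to Never send') }

    # Exclusions are the quieter alternative to disabling a module outright
    foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($e in @($pref.$kind)) { if ($e) { $findings.Add("$kind contains $e") } }
    }

    # What the engine itself reports as currently running
    foreach ($s in 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled',
                   'IoavProtectionEnabled', 'OnAccessProtectionEnabled') {
        if (-not $status.$s) { $findings.Add("Status $s is False") }
    }

    # Tamper Protection (newer builds) stops Set-MpPreference from turning these off at all
    $tp = $status.PSObject.Properties['IsTamperProtected']
    if ($tp -and -not $tp.Value) { $findings.Add('Tamper Protection is off') }

    # Event 5001 in the Defender operational log records real-time protection being disabled
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5001
    } -MaxEvents 10 -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        $findings.Add("Event 5001 at $($ev.TimeCreated): real-time protection was disabled")
    }

    [pscustomobject]@{ Tampered = ($findings.Count -gt 0); Findings = $findings }
}

Test-DefenderTampering | Format-List
```

This is a point-in-time check of one host; the same properties are what you would collect fleet-wide through your EDR or configuration-management tooling. Any non-empty Findings list on a machine where nobody intentionally changed Defender is worth treating as a compromise indicator rather than a misconfiguration, since the campaign described above changes these settings precisely to lower detection rates.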
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files
While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing mac...
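The trick described above works because Office stores its macro security level as a per-user registry value that a macro running in a first document can rewrite for every document that follows. The check below is an added example, not code from the article or the researchers behind it. The value names and their meanings are Office's own; the Office versions and applications it walks, and what it treats as weakened, are this example's assumptions.

```powershell
# Added example (not from the article): inspect the per-user Office macro security values
# that a "non-malicious" first-stage document can rewrite so that a later document's macro
# runs without any warning. Value names and meanings are Office's own; the versions and
# applications checked, and the verdict logic, are this example's assumptions.
function Test-OfficeMacroSecurity {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 16.0 = Office 2016/2019/2021/365, 15.0 = Office 2013, 14.0 = Office 2010
    foreach ($ver in '16.0', '15.0', '14.0') {
        foreach ($app in 'Excel', 'Word', 'PowerPoint') {
            # The user's own setting, and the Group Policy value that overrides it when present
            foreach ($root in 'HKCU:\Software\Microsoft\Office',
                              'HKCU:\Software\Policies\Microsoft\Office') {
                $key = Join-Path $root "$ver\$app\Security"
                if (-not (Test-Path $key)) { continue }
                $p = Get-ItemProperty -Path $key

                # VBAWarnings: 1 = enable all macros (silent), 2 = disable with notification (default),
                #              3 = disable except digitally signed, 4 = disable all without notification
                if ($p.VBAWarnings -eq 1) {
                    $findings.Add("$key : VBAWarnings=1, macros run without any warning")
                }
                # AccessVBOM=1 lets a running macro read and rewrite other documents' VBA projects
                if ($p.AccessVBOM -eq 1) {
                    $findings.Add("$key : AccessVBOM=1, trust access to the VBA project object model")
                }
            }
        }
    }

    [pscustomobject]@{ Weakened = ($findings.Count -gt 0); Findings = $findings }
}

Test-OfficeMacroSecurity | Format-List
```

Because the values under HKCU are writable by the user's own processes, resetting them after the fact does not help on its own; the durable fix is to pin the setting with Group Policy (the Policies hive in the loop above), which a macro running as the user cannot change, and to alert on any process other than Office itself touching these keys.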
Microsoft Teams Users Under Attack in 'FakeUpdates' Malware Campaign
Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware. Microsoft is warning its customers about the so-called “FakeUpdates” campaigns in a non-public security advisory, according to a report in Bleeping...
Threat Source newsletter for Sept. 3, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoade...
Salfram: Robbing the place without removing your name tag
By Holger Unterbrink and Edmund Brumaghin. Threat summary: Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoader...
Shining a light on “Silent Night” Zloader/Zbot
When it comes to banking Trojans, ZeuS is probably the most famous one ever released. Since its source code originally leaked in 2011, several new variants proliferated online. That includes a past fork called Terdot Zbot/Zloader, which we extensively covered in 2017. But recently, we observed...