Threat Alert
Security experts have identified a resurgence of the notorious ZLoader malware, making a comeback almost two years after its infrastructure was dismantled in April 2022. According to Zscaler ThreatLabz, a new variant has been in development since September 2023, featuring significant updates.
The latest ZLoader versions (2.1.6.0 and 2.1.7.0) include enhanced loader modules, incorporating RSA encryption and a revamped domain generation algorithm. Notably, it's now compiled for 64-bit Windows operating systems for the first time.
Originating from the Zeus banking trojan in 2015, ZLoader evolved into a loader for next-stage payloads, including ransomware. After a setback in 2022 when Microsoft's Digital Crimes Unit seized control of key domains, the malware has returned with new evasion tactics.
To resist analysis, the malware deploys junk code, string obfuscation, and specific filenames for execution on compromised hosts. Encryption using RC4 with a hard-coded alphanumeric key conceals campaign details, while an updated domain generation algorithm serves as a backup communication method if primary servers are inaccessible.
The resurgence of ZLoader follows a rise in campaigns using MSIX files to deliver malware, including NetSupport RAT and FakeBat, prompting Microsoft to disable the protocol handler in December 2023.
Experts warn of potential new ransomware attacks, emphasizing that the operational takedown in 2022 only temporarily halted ZLoader's activity, not the threat group behind it.
Stay vigilant and update your security measures to protect against evolving cyber threats.
#CyberSecurity

#ThreatAlert

#ZLoaderReturn