The banking malware ZLoader is an old acquaintance among cyber security experts. This modification of the notorious banking malware has been around for 15 years. Above all, the malware was causing mischief around the world between 2016 and 2018. As a result, the situation has calmed down, until now!
Cyber security researchers have been observing a new variant of ZLoader since December, which is like the original malware. The malware uses webinjects to steal access data and other private information from customers of certain banks. Since the beginning of 2020, experts have already seen over 100 campaigns with the new version of ZLoader, in which recipients have been targeted by cybercriminals. The attackers sent e-mails with various baits to lure their potential victims into the trap. These include tips for preventing fraud related to the rampant coronavirus.
The functions of the malware also include the theft of passwords and cookies that are stored in the victims browsers. By means of the captured information, the malware is able to use a reloaded client in order to carry out illegal financial transactions via the legitimate end device of the bank customer. When analyzing the new variant, the security experts found that it lacks important functions of the original malware. The new malware variant dispenses with code obfuscation, string encryption and some other important elements of the original ZLoader.
In Any Case, The Victims Suffer Financial Losses
Unfortunately, websites displaying the error could be used to distribute other malicious programs. Typically, websites that display fake virus, error and other warnings are opened through other untrustworthy websites, misleading advertisements. Software should not be downloaded through third party downloaders or other tools. It should only be done through official, trusted websites and direct download links. Attachments in irrelevant emails received from unknown, suspicious addresses should not be opened. It is important to keep the installed software up to date, but it should be done correctly.
