New variant discovered of banking malware active for 14 years


Malwarebytes Labs and Proofpoint, both cybersecurity companies, have discovered a new fork of the banking malware ZLoader, a family that has been active for 14 years. Its activity was observed in lures delivered by e-mail, through browser extensions and through the activation of Microsoft Office 365 files, among other vectors.

According to a report by Malwarebytes Labs, the new criminal toolkit, which is based on the ZeuS malware, was first observed in November 2019 under the name "Silent Night", possibly a reference to the biochemical weapon in the 2002 film Triple X.

A Proofpoint study captured more than 100 such campaigns since January 1, 2020 against targets in the United States, Canada, Germany, Poland and Australia. Some even appeared as fake COVID-19 scam-prevention emails or as offers of tests for the disease.

The company reports that the current version resembles the original ZLoader, last seen in 2018, in its functionality and network traffic. However, the new variant lacks the code obfuscation, the encryption scheme and other advanced features of the base program. This indicates that it is not an update of the original malware but a fork of the edition from two years ago.

This variant operates like other banking malware: a downloaded file carries a built-in installer, which retrieves the main malicious module and injects it into various running processes. From there, the victim's computer is compromised to harvest financial information, passwords and cookie data.