ZLoader malware warning as thousands of people are attacked by a virus that exploits Microsoft signature verification to steal data

HACKERS are exploiting a Microsoft digital signature vulnerability that allows them to steal personal data and install viruses, affecting thousands of users.

About 2,100 people have been affected by the virus, known as ZLoader, and researchers believe the hacker’s latest campaign began last November.

Cybercriminals are exploiting a Microsoft digital signature vulnerability that allows them to steal personal data affecting users worldwide. Credit: Getty

Victims in the US and Canada were affected, but the malware was identified in 111 countries.

ZLoader is known to have delivered banking trojans in the past, ZDNet reports.

Cybercriminals use software called Atera to infect systems.

Atera appears to show a fake Java installer, but the hacker is installing an agent that is connected to the user’s device.

Files that target Windows Defender, and another that launches ZLoader, are added to the computer.

It stops the warnings issued by the cybersecurity tool and seems to exploit a vulnerability in Microsoft’s digital signature verification system.

Kobi Eisenkraft, a malware researcher at Check Point, says: “People need to know that they can’t immediately trust a file’s digital signature.

“What we discovered is a new ZLoader campaign that exploits Microsoft’s digital signature verification to steal sensitive user information.”

Microsoft apparently resolved the bug in 2013 but a year later tech bosses turned the patch into an opt-in feature.

“This fix is disabled by default, which is what allows the malware author to modify the signed file,” the researchers said.

A Microsoft spokesperson told ZDNet: “We released a security update (CVE-2013-3900) in 2013 to help protect our customers from exploitation of this vulnerability.

“Customers who apply the update and activate the configuration indicated in the security advisory will be protected.

“Exploiting this vulnerability requires entering the user’s machine or convincing the victim to run a specially crafted, signed PE file.”

WILL HACK

“It appears that the authors of the ZLoader campaign have been very hard on the defensive and are still updating their methods on a weekly basis,” Eisenkraft said.

It comes just months after Microsoft warned that ZLoader was being distributed through Google keyword ads to infect vulnerable computers.

Americans are also being warned to update their computers after the “CVE-2021-44228” vulnerability in Apache Log4j software was discovered, exposing systems to credential-stealing malware.

Windows 10 users have been warned about around 60 vulnerabilities that have been found by researchers.

One vulnerability has been identified as CVE-2021-43890, a spoofing vulnerability in the Windows AppX installer that can be used to deliver malware.

This malware package is installed by unsuspecting users when they open infected documents.

Microsoft says it is aware of the vulnerability and that researchers are working to resolve it.

Chad McNaughton, of Automox, warned that organizations should act to “fix” their systems when the exploit is “working”.

The Sun has reached out to Microsoft for comment.

https://www.the-sun.com/tech/4399874/zloader-malware-exploits-microsoft-signature-verification/

Tara Subramaniam