
Zloader Trojan Disables Microsoft Defender on Victims’ Systems


During cyberattacks, the Zloader Trojan disables the Microsoft Defender antivirus solution on the victim’s computer systems in order to avoid detection.

The behavior of the Zloader Trojan was investigated by SentinelOne specialists, who published a detailed report on it.

Whilst analyzing anomalies in SentinelOne’s threat telemetry, we identified a new ZLoader botnet recently set up which implements a novel delivery mechanism with a stealthy infection chain. ZLoader operators deployed undetected droppers and disabled security solutions to lower the chances of detection.

SentinelOne researchers say.

The attackers also changed the vector of malware propagation from spam or phishing emails to TeamViewer advertising using Google Adwords, redirecting victims to malicious sites. Victims are tricked into downloading signed malicious MSI installers designed to install the Zloader malware.

Cybersecurity researchers at SentinelLabs said that in order to achieve a higher level of stealth, attackers replaced the first stage loader from a classic malicious document with an MSI payload.

The chain of attacks analyzed in our study shows how the complexity of the attack has increased in order to achieve a higher level of stealth. The first stage dropper has been replaced from a classic malicious document with a hidden signed MSI payload. It uses backdoor binaries and the LOLBAS series to weaken security and proxy its payloads to execute.

SentinelLabs security researchers said.

According to experts, the current campaign is primarily aimed at clients of German and Australian banking institutions.

At the time of writing, we have no evidence that the delivery chain has been implemented by a specific affiliate or if it was provided by the main operator.

SentinelOne experts also explain.

Zloader (also known as Terdot and DELoader) is a banking Trojan discovered in August 2015. The malware was used to attack clients of several UK financial institutions. Like Zeus Panda and Floki Bot, the malware is almost entirely based on the source code of the Zeus v2 Trojan, which leaked over a decade ago.

Let me remind you that we also reported that Windows Defender creates thousands of files in Windows 10 due to a bug.

About The Author
Vladimir Krasnogolovy