Zloader Trojan Disables Microsoft Defender on Victims’ Systems
During cyberattacks, the Zloader Trojan disables the Microsoft Defender antivirus solution on the victim’s computer systems in order to avoid detection.
The behavior of the Zloader Trojan was investigated by SentinelOne specialists, who published a detailed report on it.
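The page does not say by which mechanism Zloader switches Defender off, so what follows is an added example rather than code from the SentinelOne report: a PowerShell audit, run from an elevated prompt on a Windows host that has the Defender module, which looks for the traces such tampering leaves behind (real-time or behavior monitoring turned off, exclusions nobody approved, and Defender's own 5001/5007 reconfiguration events). The `$ExpectedExclusions` allowlist and the seven-day look-back window are assumptions to adjust for your own environment.

```powershell
# Added example (not from the SentinelOne report): audit Microsoft Defender for the
# signs of tampering a Defender-disabling loader leaves behind. Assumes a Windows
# host with the Defender PowerShell module; run from an elevated prompt.
function Test-DefenderTampering {
    [CmdletBinding()]
    param(
        # Hypothetical allowlist: exclusions that your own deployment legitimately adds.
        [string[]] $ExpectedExclusions = @()
    )

    $findings = New-Object System.Collections.Generic.List[string]

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Engine-level switches: the loud way to blind Defender.
    if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus engine disabled') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection disabled') }
    if ($pref.DisableRealtimeMonitoring)        { $findings.Add('DisableRealtimeMonitoring is set') }
    if ($pref.DisableBehaviorMonitoring)        { $findings.Add('DisableBehaviorMonitoring is set') }
    if ($pref.DisableIOAVProtection)            { $findings.Add('DisableIOAVProtection is set (downloaded files not scanned)') }

    # Exclusions: the quiet way. The engine stays "on" but skips the malware's paths,
    # extensions or processes, so every exclusion not on the allowlist is a finding.
    $exclusions = @(
        @($pref.ExclusionPath) + @($pref.ExclusionExtension) + @($pref.ExclusionProcess) |
            Where-Object { $_ }
    )
    foreach ($e in $exclusions) {
        if ($ExpectedExclusions -notcontains $e) { $findings.Add("Unexpected exclusion: $e") }
    }

    # Defender logs its own reconfiguration: event 5001 = real-time protection disabled,
    # 5007 = configuration changed (new exclusions show up here). Look back 7 days (assumed window).
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        $firstLine = ($ev.Message -split "`n")[0]
        $findings.Add("Event $($ev.Id) at $($ev.TimeCreated): $firstLine")
    }

    [pscustomobject]@{
        Tampered = ($findings.Count -gt 0)
        Findings = $findings
    }
}

# Usage: pass the exclusions you know are legitimate so only the unexpected ones are reported.
Test-DefenderTampering -ExpectedExclusions @('C:\BuildAgent\work') | Format-List
```

Running this from an EDR response script or a scheduled task gives a cheap, host-local signal that complements the 5001/5007 events forwarded to a SIEM; on its own a disabled engine can also be a legitimate admin action, so treat the result as a lead to triage rather than a verdict.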
The attackers have also changed their delivery vector from spam and phishing emails to Google Adwords advertisements for TeamViewer that redirect victims to malicious sites, where they are tricked into downloading signed malicious MSI installers that install Zloader. Note that a valid code signature only proves which certificate signed the file, not that the file is the vendor's genuine installer.
SentinelLabs researchers said that, to be stealthier, the attackers replaced the classic malicious-document first stage with an MSI payload.
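As an added example (not code from the page or from the SentinelOne report), the following PowerShell check inspects an MSI's Authenticode signature and treats the file as trustworthy only when the signature is valid and the signer's certificate subject matches the vendor you meant to download from; a signed malicious installer passes the first test but not the second. The publisher string used at the bottom and the Downloads folder are assumptions for illustration, to be replaced with the real vendor's certificate subject and the path you actually want to scan.

```powershell
# Added example (not from the SentinelOne report): a valid Authenticode signature on an
# MSI only proves who signed it, not that it is the vendor's installer. Compare the signer
# subject against the publisher you expected before running the file.
function Test-InstallerSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed value: the certificate subject (or a distinctive part of it) of the real vendor.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status     # Valid / NotSigned / HashMismatch / UnknownError ...
        Signer     = $subject
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        # Both conditions must hold: a cryptographically valid signature from the wrong
        # certificate is exactly what a "signed malicious MSI" looks like.
        Trusted    = ($sig.Status -eq 'Valid' -and $subject -like "*$ExpectedPublisher*")
    }
}

# Usage (assumed folder and publisher): flag every MSI in Downloads that is not both
# validly signed and signed by the expected vendor.
Get-ChildItem "$env:USERPROFILE\Downloads\*.msi" |
    ForEach-Object { Test-InstallerSigner -Path $_.FullName -ExpectedPublisher 'TeamViewer Germany GmbH' } |
    Format-Table -AutoSize
```

Keep the thumbprint in the output: when a campaign abuses a stolen or fraudulently obtained certificate, the thumbprint is the value you pin in an allowlist or share with peers, whereas the subject string alone can be imitated by a look-alike certificate.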
According to experts, the current campaign is primarily aimed at clients of German and Australian banking institutions.
Zloader (also known as Terdot and DELoader) is a banking Trojan discovered in August 2015. The malware was used to attack clients of several UK financial institutions. Like Zeus Panda and Floki Bot, the malware is almost entirely based on the source code of the Zeus v2 Trojan, which leaked over a decade ago.
Let me remind you that we also reported that Windows Defender creates thousands of files in Windows 10 due to a bug.