During cyberattacks, the Zloader Trojan disables the Microsoft Defender antivirus solution on the victim’s computer systems in order to avoid detection.

The behavior of the Zloader Trojan was investigated by SentinelOne specialists that published a detailed report on this.

Whilst analyzing anomalies in SentinelOne’s threat telemetry, we identified a new ZLoader botnet recently set up which implements a novel delivery mechanism with a stealthy infection chain. ZLoader operators deployed undetected droppers and disabled security solutions to lower the chances of detection.SentinelOne researchers tell.

The attackers also changed the vector of malware propagation from spam [...]