Significantly enhanced Zloader botnet emerges
More sophisticated attack techniques have been integrated into the updated version of the Zloader malware, also known as Silent Night, DELoader, and Terdot, which is being distributed in a campaign almost two years after the botnet had its infrastructure disrupted, according to The Hacker News.
The new Zloader version makes major changes to the loader module, including support for 64-bit Windows operating systems, RSA encryption, and a new domain generation algorithm, a report from Zscaler ThreatLabz revealed. Moreover, Zloader's operators have also sought to evade detection and analysis through string obfuscation and junk code.
"Zloader was a significant threat for many years and its comeback will likely result in new ransomware attacks. The operational takedown temporarily stopped the activity, but not the threat group behind it," said researchers.
These findings follow a Red Canary report detailing the growing distribution of Zloader, NetSupport RAT, and FakeBat payloads through MSIX files since July.