2021-09-17

Security specialists have reported the emergence of a new version of the dangerous banking Trojan ZLoader, according to Threatpost.

Researchers at SentinelLabs described the malicious program. ZLoader is distributed over the Internet: the malicious code is embedded in Google AdWords contextual advertising and then reaches the victim’s computer through the browser. Because it carries a fake security certificate, the malware can disable Windows Defender, the antivirus built into Microsoft's operating system.

“This is a typical banking Trojan that injects web injections to steal cookies, passwords and any confidential information,” said SentinelLabs. ZLoader's heyday was several years ago, after which the number of PC compromises involving it dropped dramatically. According to the experts, it is clear that the Trojan has returned. The original version of ZLoader was based on the Zeus banking Trojan, whose source code was published about ten years ago.

The Trojan uses compromised Google AdWords ads to target its victims, and it can also spread via Discord, Java plugins, TeamViewer and Zoom. To mislead the built-in Windows antivirus and get onto the computer, the program uses a security certificate from a company called Flyintellect Inc. “The company was registered on June 29, 2021 – apparently, specifically for obtaining certificates,” said the engineers at SentinelLabs.

Experts believe that the latest wave of ZLoader attacks is targeting users of financial institutions in Australia and Germany. The program intercepts web requests from users to banking portals to steal their credentials.

At the end of July, security experts discovered a virus circulating online that resembles a Windows 11 installation package. Attackers are taking advantage of consumers' lack of awareness that the new operating system has not yet been officially released.