infotechlead

ZLoader campaign exploited Microsoft’s digital signature: Check Point

A new ZLoader campaign has exploited Microsoft’s digital signature verification to steal user credentials and sensitive information of over 2,000 victims in 111 countries, according to Check Point Research (CPR).
The malware has claimed 2,170 unique victims. Most victims reside in the US, followed by Canada and India.

“People need to know that they can’t immediately trust a file’s digital signature,” Kobi Eisenkraft, Malware Researcher at Check Point, said.

“A new ZLoader campaign exploited Microsoft’s digital signature verification to steal information of users. We first began seeing evidence of the new campaign around November 2021,” Kobi Eisenkraft said.

CPR attributes the campaign, which traces back to November 2021, to the cybercriminal group MalSmoke, which put significant effort into evasion methods.

“The attackers, whom we attribute to MalSmoke, are after the theft of user credentials and private information from victims. So far, we have counted north of 2,000 victims in 111 countries and counting,” Kobi Eisenkraft said.

ZLoader is known as a tool for delivering ransomware. It came to CISA’s radar in September 2021 as a threat in the distribution of Conti ransomware.
