A new ZLoader campaign has exploited Microsoft’s digital signature verification to steal user credentials and sensitive information of over 2,000 victims in 111 countries, according to Check Point Research (CPR).
The malware has claimed 2,170 unique victims. Most victims reside in the US, followed by Canada and India.
“People need to know that they can’t immediately trust a file’s digital signature,” Kobi Eisenkraft, Malware Researcher at Check Point, said.
“A new ZLoader campaign exploited Microsoft’s digital signature verification to steal information of users. We first began seeing evidence of the new campaign around November 2021,” Kobi Eisenkraft said.
CPR attributes the campaign, which traces back to November 2021, to the cybercriminal group Malsmoke, which placed significant effort into evasion methods.
“The attackers, whom we attribute to MalSmoke, are after the theft of user credentials and private information from victims. So far, we have counted north of 2,000 victims in 111 countries and counting,” Kobi Eisenkraft said.
ZLoader is known to be a tool in delivering ransomware. It has been known to deliver ransomware in the past and came to CISA’s radar in September 2021 as a threat in the distribution of Conti ransomware.