ZLoader malware has resurfaced nearly two years after the dismantling of its infrastructure. Zscaler ThreatLabz’s recent analysis describes a new variant, in development since September 2023, that features RSA encryption, an updated domain generation algorithm, and compatibility with 64-bit Windows. Originating from the Zeus banking trojan, ZLoader has adapted over the years, evolving into a loader for subsequent-stage payloads, including ransomware. Despite a setback in 2022 at the hands of a coalition led by Microsoft’s Digital Crimes Unit, the latest iterations of ZLoader (18.104.22.168 and 22.214.171.124) use junk code and string obfuscation to resist analysis. The malware now relies on specific filenames for execution and encrypts its static configuration with RC4, concealing critical campaign information. Cybersecurity experts anticipate a surge in ransomware attacks, emphasizing the persistent threat from the group behind ZLoader. This resurgence aligns with broader trends, such as the increased use of MSIX files in malware campaigns and the emergence of new stealer malware families, and it is a reason for the cybersecurity community to stay vigilant.