OP 11 January, 2022 - 10:22 PM
Quote:An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information.Source: https://thehackernews.com/2022/01/new-zl...paign.html
Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group dubbed MalSmoke, citing similarities with previous attacks.
"The techniques incorporated in the infection chain include the use of legitimate remote management software (RMM) to gain initial access to the target machine," Check Point's Golan Cohen said in a report shared with The Hacker News. "The malware then exploits Microsoft's digital signature verification method to inject its payload into a signed system DLL to further evade the system's defenses."