Zloader Banking Malware Uses Microsoft E-Signature Tool Vulnerability to Steal Sensitive Credentials

The new Zloader banking malware can steal your sensitive data. Check Point Research (CPR), the first security firm that discovered this virus, said that it is being used by the Malsmoke hacking group.


This cybercrime group uses the new banking malware to abuse a flaw in Microsoft's popular e-signature verification system. Combining the vulnerability with the malware allows them to steal consumers' sensitive information.

"Previous Zloader campaigns, which were seen in 2020, used malicious documents, adult sites, and Google ads to infect systems," said Check Point Research via its official blog post.

The giant security firm continued its observation in November 2021 and discovered that the malware is being used again, this time by the Malsmoke hacking group.

Zloader Banking Malware's Severity

According to ZDNet's latest report, the new banking malware has already affected around 2,100 people in different countries. The majority of the victims are in the United States, India, and Canada.


At the moment, CPR said it sees the malicious campaign in around 111 countries. When Zloader was first discovered, malicious actors were using it as a Trojan to steal banking credentials.

Because of this, it was closely connected to other ransomware models. According to Check Point Research, the current campaign works using legitimate remote management software called Atera.

Zloader uses this system as a springboard to infect other systems.

Microsoft E-Signature Verification's Flaws

CPR's security experts confirmed three vulnerabilities in Microsoft's e-signature verification tool that are being exploited by the new banking malware.

These include the following:

  • CVE-2020-1599
  • CVE-2013-3900
  • CVE-2012-0151

Microsoft explained that updates to fix these flaws were already released. However, they are not installed by default. This means that consumers who do not download the updates manually will certainly be affected by the new computer virus.

In other news, another piece of malware called RedLine was able to breach more than 400,000 accounts. Meanwhile, T-Mobile's system was recently breached using the so-called SIM swapping method.


This article is owned by TechTimes

Written by: Griffin Davis
