ChannelLife Australia - Industry insider news for technology resellers
Australia
Guides
#
cloud services
#
cybersecurity
#
it distributors
#
microsoft
#
partner programmes
Search
Story image
#
Cybersecurity
#
Malware
#
Microsoft
New malware campaign exploits Microsoft's digital signature verification
Thu, 6th Jan 2022
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Check Point Research has spotted a new malware campaign exploiting Microsoft's digital signature verification.

Named Zloader, the new malware is designed to steal cookies, passwords and any sensitive information.

According to Check Point Research, the campaign has taken more than 2,000 victims in 111 countries.

The banking has been known to deliver ransomware in the past and came onto CISA's radar in September 2021 as a threat in the distribution of Conti ransomware. During the same month, Microsoft said ZLoader operators were buying Google keyword ads to distribute various malware strains, including Ryuk ransomware. Check Point Research believes the campaign to be attributed to the cybercriminal group MalSmoke, given a few similarities with previous campaigns.

Infection Chain

Check Point Research says the attack begins with the installation of legitimate remote management program pretending to be a Java installation.

After this installation, the attacker has full access to the system and is able to upload/download files and also run scripts, so the attacker uploads and runs a few scripts that download more scripts that run mshta.exe with file appContast.dll as the parameter.

The file appContast.dll is signed by Microsoft, even though more information has been added to the end of the file. The added information downloads and runs the final Zloader payload, stealing user credentials and private information from victims, Check Point Research says.

Victims

So far, Check Point Research has documented 2170 unique victims. Most victims reside in the United States, followed by Canada and India.

Check Point Research says it has updated Microsoft and Atera of its findings.

"People need to know that they can't immediately trust a files digital signature," says Kobi Eisenkraft, malware researcher at Check Point Research.

"What we found was a new ZLoader campaign exploiting Microsoft's digital signature verification to steal sensitive information of users," he says.

Eisenkraft says Check Point Research first began seeing evidence of the new campaign around November 2021.

"The attackers, whom we attribute to MalSmoke, are after the theft of user credentials and private information from victims," he says.

"So far, we have counted north of 2,000 victims in 111 countries and counting. All in all, it seems like the Zloader campaign authors put great effort into defense evasion and are still updating their methods on a weekly basis," Eisenkraft says.

"I strongly urge users to apply Microsoft's update for strict Authenticode verification, it is not applied by default," he adds.

Safety Tips, According to Check Point Research:

  • Apply Microsoft's update for strict Authenticode verification. It is not applied by default.
  • Do not install programs from unknown sources or sites.
  • Do not press on links or open unfamiliar attachments that you get by mail.

 
Check Point Research is the threat intelligence arm of cybersecurity solutions provider Check Point Software.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Cisco boosts Secure Application with added data, cloud security features
Formlabs unveils Form 4 range, revolutionising professional 3D printing
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Intel reshuffles Asia Pacific leadership to boost business growth
Secolve & Asimily join forces to boost Australia's IoT security
Scality & Ingram Micro partner for market distribution of ARTESCA
Gen Z less enthusiastic about AI in Aussie workplaces, says Seismic study