Microsoft recently took legal and technical steps to stop and pursue a massive “ZLoader” botnet operation. Together with a consortium of cybersecurity companies, Microsoft took down 65 domains that ZLoader was using to communicate with infected devices. ZLoader is a sophisticated piece of malware that infects computing devices in schools, homes, businesses, and even hospitals worldwide. Run by an organized crime gang, it is designed to extort money and has been quite successful so far. Fortunately, Microsoft was able to disrupt the operation and even identified a person behind the scheme.
According to Microsoft representatives, ZLoader is similar to the notorious TrickBot, which in turn was a derivative of the Zeus banking trojan that spread around the web around 3 years ago.
After Zeus underwent serious refinement and improvement, it was sold to other threat actors, who repurposed it for their own malicious goals.
What makes ZLoader stand out among similar malware is its effective defense evasion capabilities. The malware can disable security and antivirus tools so that the system never alerts the user that the device has been compromised. This makes it much easier for attackers to abuse the malware to the fullest and extract as much as possible from their victims, both financially and in terms of information. ZLoader’s operators also sell access to it as a service to affiliate groups that want to use the malware for their own purposes.
The man behind ZLoader
Microsoft’s investigation unmasked Denis Malikov, one of the masterminds behind this elaborate malware. Malikov lived in Simferopol on the Crimean Peninsula and was heavily involved in developing and distributing the malware. While the perpetrator would remain anonymous in most similar cases, Microsoft’s decision to name the criminal was intentional.
Microsoft representatives have been quoted as saying that this decision sends a message to everyone who is considering or currently participating in cybercrime. Publicizing the name of the criminal behind the malware makes it clear that cybercriminals cannot hide behind the anonymity of the internet when they choose to commit crimes.
How ZLoader scammed thousands of users
There is a reason why Microsoft chose to direct its vast resources and valuable time specifically at the ZLoader malware. The capabilities of this particular malware are extensive and include taking advantage of legitimate security tools, capturing screenshots, collecting cookies, stealing credentials, providing remote access to attackers, stealing banking data, performing reconnaissance, launching persistence mechanisms, and more.
Microsoft supported an in-depth analysis of the malware’s malicious activities going back to February 2020 and found that, starting from October 2020, most operations originated from just two affiliates, which is surprising given the scope of the entire operation.
ZLoader uses various tactics to achieve its objectives, including phishing emails, rogue Google Ads, and remote management software for its initial contact with the victim, and combines them with the comprehensive defense evasion mechanisms mentioned above.
ZLoader’s journey to becoming an infamous, sophisticated piece of malware was not quick, however. Originally, ZLoader was a basic trojan with financial incentives, but over time, with effort from its creators, it was transformed into MaaS, a malware-as-a-service offering. Apart from increasing its effectiveness, this update also made it possible for the creators of ZLoader to sell their product to other threat groups.
How to protect yourself from similar cybercrime
While most people do not understand the complicated process of creating malware like ZLoader, they can still use quality tools to defend themselves and their devices from being compromised. The meaning of a VPN is quite simple: it is advanced protection from online snoopers, and it protects your identity every time you go online. Unless you conceal your IP address, it could allow attackers to discover other personal details about you.
Apart from the anonymity provided by the VPN, you can also use the Threat Protection feature, which alerts you every time you visit a website that hosts malware or download a file that could pose a risk to your device and your security. Malware is not going to stop improving, so internet users must take their cyber safety into their own hands by using effective cyber defense tools to stay safe and avoid falling victim to scams like ZLoader.