
Increased stealth introduced in updated Zloader malware


The reemergent Zloader trojan has been updated once again by its operators to include an anti-analysis feature that restricts binary execution to compromised machines, similar to one observed in the exposed Zeus banking trojan 2.x source code, according to The Hacker News.

According to a report from Zscaler ThreatLabz, with the new capability the Zloader malware, also known as DELoader, Terdot, or Silent Night, halts operations if it is executed on another system after the initial compromise. Trojan execution stays stalled until the seed and MZ header values are corrected and all the Registry and disk paths/names from the affected system are replicated.

"In recent versions, ZLoader has adopted a stealthy approach to system infections. This new anti-analysis technique makes Zloader even more challenging to detect and analyze," said researcher Santiago Vicente.

Such a development follows the reported use of the Taskun malware to facilitate global Agent Tesla attacks, as well as the use of fraudulent sites for information-stealing malware distribution.
