Ransomware, Malware, Endpoint/Device Security

Significantly enhanced Zloader botnet emerges

An updated version of the Zloader malware, also known as Silent Night, DELoader, and Terdot, has integrated more sophisticated attack techniques and is being distributed in a campaign almost two years after the botnet had its infrastructure disrupted, according to The Hacker News. The new Zloader version includes major modifications to the loader module, including support for 64-bit Windows operating systems, RSA encryption, and a new domain generation algorithm, a report from Zscaler ThreatLabz revealed. Zloader's operators have also sought to bypass detection and analysis through string obfuscation and junk code. "Zloader was a significant threat for many years and its comeback will likely result in new ransomware attacks. The operational takedown temporarily stopped the activity, but not the threat group behind it," said researchers. The findings follow a Red Canary report detailing the mounting distribution of Zloader, NetSupport RAT, and FakeBat payloads through MSIX files since July.
