More sophisticated attack techniques have been integrated into an updated version of the Zloader malware (also known as Silent Night, DELoader, and Terdot), which is being distributed in a campaign almost two years after the botnet's infrastructure was disrupted, according to The Hacker News.
The new Zloader version carries major modifications to its loader module, including support for 64-bit Windows, RSA encryption, and a new domain generation algorithm, a report from Zscaler ThreatLabz revealed. Zloader's operators have also sought to evade detection and hinder analysis through string obfuscation and junk code.
"Zloader was a significant threat for many years and its comeback will likely result in new ransomware attacks. The operational takedown temporarily stopped the activity, but not the threat group behind it," said researchers.
The findings follow a Red Canary report detailing the growing distribution of the Zloader, NetSupport RAT, and FakeBat payloads through MSIX files since July.