ZLoader malware returns as a coronavirus phishing scam

Hackers have used ZLoader in 100 email campaigns in 2020

It appears that banking malware ZLoader has returned to the scene. As reported by Cyware, hackers have distributed the malware as part of a coronavirus-related phishing scam and has reportedly been spotted in over 100 email campaigns since the start of this year. According to Cyware, the malware is still under active development with new variants of the code continuing to pop up too. 

By borrowing select functions from Zeus, the ZLoader malware has successfully stolen data from banking customers across various continents. In the past, threat actors behind ZLoader malware have set their sights on Canadian organizations. This year, though, the group seems to have changed course and seems to be trying to dupe users in the U.S., Germany, Poland and Australia too. The group has done so by leveraging coronavirus-related phishing scams.

In March, FireEye reported fraudulent emails using coronavirus-related prevention tips, testing and invoices to dupe users into distributing the ZLoader banking malware. Then, in April, an email campaign was spread by password-protected Excel sheets accompanied by a message that a family member, colleague or neighbor of the user had recently contacted the virus. The emails also claimed to provide coronavirus-testing-related information. 

Earlier this month, Bleeping Computer reported that several malspam campaigns from multiple threat actors had started using PDF files linking to a Microsoft Word document laced with a macro code designed to download and run ZLoader.

Fortunately, users can protect themselves from ZLoader malware. To do so, avoid opening attachments or accessing links you’ve received from suspicious or otherwise unknown email addresses. Users should also avoid using third-party or P2P websites to download or update software. Anti-malware software can also be particularly helpful, as can changing passwords connected to financial accounts on a frequent basis.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021