IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

ZLoader malware returns as a coronavirus phishing scam

Hackers have used ZLoader in 100 email campaigns in 2020

It appears that banking malware ZLoader has returned to the scene. As reported by Cyware, hackers have distributed the malware as part of a coronavirus-related phishing scam and has reportedly been spotted in over 100 email campaigns since the start of this year. According to Cyware, the malware is still under active development with new variants of the code continuing to pop up too. 

By borrowing select functions from Zeus, the ZLoader malware has successfully stolen data from banking customers across various continents. In the past, threat actors behind ZLoader malware have set their sights on Canadian organizations. This year, though, the group seems to have changed course and seems to be trying to dupe users in the U.S., Germany, Poland and Australia too. The group has done so by leveraging coronavirus-related phishing scams.

In March, FireEye reported fraudulent emails using coronavirus-related prevention tips, testing and invoices to dupe users into distributing the ZLoader banking malware. Then, in April, an email campaign was spread by password-protected Excel sheets accompanied by a message that a family member, colleague or neighbor of the user had recently contacted the virus. The emails also claimed to provide coronavirus-testing-related information. 

Earlier this month, Bleeping Computer reported that several malspam campaigns from multiple threat actors had started using PDF files linking to a Microsoft Word document laced with a macro code designed to download and run ZLoader.

Fortunately, users can protect themselves from ZLoader malware. To do so, avoid opening attachments or accessing links you’ve received from suspicious or otherwise unknown email addresses. Users should also avoid using third-party or P2P websites to download or update software. Anti-malware software can also be particularly helpful, as can changing passwords connected to financial accounts on a frequent basis.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022