Researchers at Check Point found that the aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL.
The campaign has been ongoing since November 2021 and leverages Atera, a legitimate enterprise remote monitoring and management application, for initial access to target machines. As part of the campaign, Zloader’s operators created an installer containing a temporary email address.
The attacks also abuse Atera’s ability to install an agent on the endpoint and assign it to a specific account by including the owner’s email address in a unique .msi file.
Read More: Securityweek