Criminals and hackers will always exploit vulnerabilities, but software companies try to stay ahead of them. Tap or click here to see how malware can expose your browser passwords.
A big problem is that malware is constantly being adapted to circumvent any security efforts. Companies like Microsoft and Google can only patch what they know about, and sometimes hackers circle around to exploit old vulnerabilities.
Keep reading to find out how malware is now attacking a flaw in Windows that Microsoft patched years ago.
Here’s the backstory
Malware can be designed to accomplish many things, with the most lucrative goal being able to steal your banking details. A popular malware tool called Zloader has been used in various cyberattacks for years.
Focused on banking, the malicious code is used to steal credentials and personal information through compromised documents, email attachments, and even Google ads. The attacks can also be converted into ransomware, where the victim needs to pay to have their files unlocked.
Several patches and vulnerability fixes have been released against ZLoader in the past. But a new version of the malware is attacking a flaw that Microsoft patched in 2013.
Check Point Research detailed how the updated campaign uses a patched flaw in Microsoft’s digital signature verification system to bypass detection. To gain access to a system, hackers must trick a user into installing a real remote IT management tool called Atera.
But the dynamic-link library file (or .dll) of the tool has been compromised with ZLoader. Any computer will automatically check the file’s digital signature, but because of the vulnerability, the malware won’t be flagged. The file will get a clean bill of health from Windows Defender as it has Microsoft’s genuine signature attached.
What you can do about it
Check Point Research notes that 2,170 unique IP addresses have downloaded the compromised Atera file. The majority (864) is located in the U.S., while Canada has around 300 infections, and India has 140.
You would need…