Is this really the end of the ZLoader malware? Microsoft is notorious for attacking these bots, which have been notorious for attacking healthcare facilities and businesses.
ZLoader is a bot based on a network of infected devices located in businesses, hospitals, schools and also in private homes. Particularly active, he served in cyber-attack campaigns around the world, including in France last year. Hence, professional carriers have been targeted to collect sensitive data.
Malware as a Service
After a court order, Microsoft was able to dismantle this malware which is controlled by an organized criminal network that exploits malware in the form of “Program as a Service” (SaaS). The goal is to steal and extort money. The Windows publisher controlled 65 domain names used by this network, as well as another 319 domain names associated with the malware’s built-in domain name generator algorithm.
Microsoft explains that originally, ZLoader set out to steal login credentials, passwords, and other information, in order to extort money from its victims. But the program was also able to disable the most common security and protection programs, thanks to a specific component. So affected people and organizations can no longer detect the infection.
ZLoader has also been used to develop other malware such as Ryuk ransomware, which targets healthcare organizations for extortion of ransomware. The operation carried out by Microsoft aims to dismantle the ZLoader infrastructure and reduce the malicious power of the criminal organization behind it. The company will continue to monitor their activity.
This is good news on the cyberwar front, and another victory for Microsoft is on the way. However, these networks are particularly resilient and can quickly develop countermeasures. It’s a never ending game of cat and mouse…
“Unapologetic pop culture trailblazer. Freelance troublemaker. Food guru. Alcohol fanatic. Gamer. Explorer. Thinker.”