New malware campaign exploits Microsoft's digital signature verification

By Shannon Williams
Thu 6 Jan 2022

Check Point Research has spotted a new malware campaign exploiting Microsoft's digital signature verification.

Named Zloader, the new malware is designed to steal cookies, passwords and any sensitive information.

According to Check Point Research, the campaign has taken more than 2,000 victims in 111 countries.

The banking trojan has been known to deliver ransomware in the past and came onto CISA's radar in September 2021 as a threat in the distribution of Conti ransomware. During the same month, Microsoft said Zloader operators were buying Google keyword ads to distribute various malware strains, including Ryuk ransomware. Check Point Research attributes the campaign to the cybercriminal group MalSmoke, based on similarities with that group's previous campaigns.

Infection Chain

Check Point Research says the attack begins with the installation of a legitimate remote management program masquerading as a Java installer.

Once it is installed, the attacker has full access to the system and can upload and download files and run scripts. The attacker uploads and runs a few scripts that download further scripts, which in turn run mshta.exe with the file appContast.dll as the parameter.

The file appContast.dll carries a valid Microsoft signature even though additional data has been appended to the end of the file; because the default Authenticode verification does not reject this appended data, the signature still checks out. The appended data downloads and runs the final Zloader payload, which steals user credentials and private information from victims, Check Point Research says.

Victims

So far, Check Point Research has documented 2170 unique victims. Most victims reside in the United States, followed by Canada and India.

Check Point Research says it has notified Microsoft and Atera of its findings.

"People need to know that they can't immediately trust a file's digital signature," says Kobi Eisenkraft, malware researcher at Check Point Research.

"What we found was a new ZLoader campaign exploiting Microsoft's digital signature verification to steal sensitive information of users," he says.

Eisenkraft says Check Point Research first began seeing evidence of the new campaign around November 2021. 

"The attackers, whom we attribute to MalSmoke, are after the theft of user credentials and private information from victims," he says. 

"So far, we have counted north of 2,000 victims in 111 countries and counting. All in all, it seems like the Zloader campaign authors put great effort into defense evasion and are still updating their methods on a weekly basis," Eisenkraft says.

"I strongly urge users to apply Microsoft's update for strict Authenticode verification; it is not applied by default," he adds.

Safety Tips, According to Check Point Research:

  • Apply Microsoft's update for strict Authenticode verification. It is not applied by default.
  • Do not install programs from unknown sources or sites.
  • Do not click on links or open unfamiliar attachments that you receive by email.
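To make the signature trick described in the infection chain concrete from a defender's side, here is an added example (written for this page, not Check Point's or Microsoft's code) that parses a PE file's attribute certificate table and reports any non-zero bytes sitting between the end of the PKCS#7 SignedData blob and the end of the WIN_CERTIFICATE entry. The Authenticode hash excludes the whole certificate table, so data placed there does not invalidate the signature unless the padding is checked; that extraneous data is what Microsoft's strict verification rejects. The sample PE the block builds is a constructed stub with a placeholder signature, not a real signed binary, and the smuggled URL, file sizes and function names are illustrative assumptions.

```python
from __future__ import annotations
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot holding the certificate table


def locate_certificate_table(pe: bytes) -> tuple[int, int]:
    """Return (file_offset, size) of the attribute certificate table.

    Unlike other data directories, the security entry holds a raw file
    offset rather than an RVA, so no section mapping is needed.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    opt_off = e_lfanew + 4 + 20                           # after signature + COFF header
    magic = struct.unpack_from("<H", pe, opt_off)[0]
    dir_base = opt_off + (112 if magic == 0x20B else 96)  # PE32+ vs PE32 layout
    entry = dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    return struct.unpack_from("<II", pe, entry)


def der_element_length(buf: bytes, pos: int) -> int:
    """Total size (tag + length field + content) of the DER element at pos."""
    if buf[pos] != 0x30:
        raise ValueError("expected a DER SEQUENCE (PKCS#7 SignedData)")
    first = buf[pos + 1]
    if first < 0x80:                                      # short-form length
        return 2 + first
    n = first & 0x7F                                      # long form: n length bytes follow
    return 2 + n + int.from_bytes(buf[pos + 2:pos + 2 + n], "big")


def inspect_signature_padding(pe: bytes) -> dict:
    """Report whether bytes have been smuggled into the signature block.

    Anything between the end of the PKCS#7 blob and the end of the
    WIN_CERTIFICATE entry is unhashed; legitimate files carry only a few
    zero bytes of alignment padding there, so non-zero bytes are suspicious.
    """
    table_off, table_size = locate_certificate_table(pe)
    if table_size == 0:
        return {"signed": False}
    dw_length, revision, cert_type = struct.unpack_from("<IHH", pe, table_off)
    pkcs7_start = table_off + 8                           # bCertificate follows the 8-byte header
    pkcs7_len = der_element_length(pe, pkcs7_start)
    trailing = pe[pkcs7_start + pkcs7_len:table_off + dw_length]
    return {
        "signed": True,
        "certificate_type": cert_type,
        "win_certificate_length": dw_length,
        "pkcs7_length": pkcs7_len,
        "trailing_bytes": len(trailing),
        "nonzero_trailing_bytes": sum(1 for b in trailing if b),
        "strict_check_would_reject": any(trailing),
        "bytes_after_table": len(pe) - (table_off + table_size),
    }


def build_sample_pe(smuggled: bytes = b"") -> bytes:
    """Constructed minimal PE32+ image with one fake certificate entry.

    Not a real executable or a real signature: the PKCS#7 blob is a
    placeholder SEQUENCE so the parser has a DER element to measure.
    """
    fake_pkcs7 = b"\x30\x05\x06\x03\x2a\x03\x04"          # SEQUENCE { OID 1.2.3.4 }
    body = fake_pkcs7 + smuggled
    body += b"\x00" * ((-len(body)) % 8)                  # dwLength is 8-byte aligned
    win_cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    e_lfanew, opt_size = 0x40, 240
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    cert_offset = e_lfanew + 4 + 20 + opt_size            # table placed right after headers
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_offset, len(win_cert))
    return dos + b"PE\x00\x00" + coff + bytes(opt) + win_cert


if __name__ == "__main__":
    # Constructed comparison: a clean stub versus one with a URL hidden in the padding.
    print("clean:", inspect_signature_padding(build_sample_pe()))
    print("tampered:", inspect_signature_padding(
        build_sample_pe(b"http://example.invalid/payload.bin")))
```

Run the module to compare the clean and tampered stubs, or pass a real file's bytes to inspect_signature_padding; a non-zero nonzero_trailing_bytes count on a file that still passes default signature verification is exactly the condition the article's first safety tip addresses. The update Eisenkraft refers to is Microsoft's MS13-098 change, which is switched on by the EnableCertPaddingCheck value under HKLM\Software\Microsoft\Cryptography\Wintrust\Config (and the Wow6432Node path on 64-bit Windows); the block reproduces only the padding part of that check, not certificate chain validation.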

 
Check Point Research is the threat intelligence arm of cybersecurity solutions provider Check Point Software. 
