ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

May 1, 2024 at 07:12AM

The ZLoader malware, which resurfaced after a two-year hiatus, has evolved with new anti-analysis features that make it harder to detect and analyze. It now restricts execution to the originally infected machine and refuses to run when copied to a different host. Separately, threat actors are using fraudulent websites, promoted through black hat SEO techniques, to spread malware.

Key takeaways:
1. ZLoader malware, also known as Terdot, DELoader, or Silent Night, has resurfaced with updated features after a nearly two-year hiatus.
2. The latest version of ZLoader introduces an anti-analysis feature that restricts its execution to the infected machine by checking the Windows Registry for a specific key and value before running. Because the sample will not execute on a host where that value is absent, it is harder to detonate in a sandbox or analyst VM, which makes detection and analysis more difficult.
3. Zscaler researchers have observed fraudulent websites hosted on popular legitimate platforms being used to spread stealer malware, with the operators manipulating search engine results so that the fraudulent pages rank highly and are more likely to reach user systems.
4. Email-based phishing campaigns have also been targeting organizations with Taskun malware, which acts as a facilitator for Agent Tesla, primarily in the U.S., Turkey, Mauritius, Israel, Russia, and Croatia.

Overall, these findings highlight the evolving tactics threat actors use to distribute and execute malware, with an emphasis on greater stealth and sophistication in their approaches.
