January 6th, 2022 17:00

Zloader malware

Zloader is banking malware designed to steal user credentials and private information. It's back with a sophisticated new infection chain. Previous Zloader campaigns, which were seen in 2020, used malicious documents, adult sites and Google ads to infect systems.

Evidence of the latest campaign was first seen around early Nov'21. To gain access to a system, the hackers trick users into installing a compromised version of Atera, which is legitimate enterprise remote monitoring and management software designed for IT use.

The malware then exploits Microsoft’s digital signature verification method to inject its payload into a signed .dll file and evade the system’s defenses. The Zloader hackers are updating their methods on a weekly basis.

Pay attention if you use and/or recently installed or updated Atera.

Read more here. (Caveat: it's geeky)
