The search for the electronic signature continues.  Poles are among the victims

Cybersecurity analysts from Check Point Research have discovered a new campaign for cybercriminals that uses verification Microsoft e-Signature. To date, its victims have been more than 2,170 people from 111 countries. Most of those infected come from the United States (40%) and Canada (14%). Turns out they were also among the victims Polish users (less than 1%).

Check Point Research experts attribute the campaign to the cybercriminal group MalSmoke, which used a well-known Trojan to carry out the operation ZLoader. This tool has so far been used in attacks on electronic banking, while since September 2021 it has been on the radar of CISA (US Cybersecurity and Infrastructure Security Agency) as a distributor of Conti Ransomware and various strains of Ryuk ransomware.

Please note that you cannot trust the digital signature of the file immediately. What we found was a new ZLoader campaign that uses Microsoft’s digital signature verification to steal users’ sensitive information. We started noticing the first evidence of a new campaign around November 2021. It targets the attackers we’ve linked to the MalSmoke group Theft of victims’ credentials and private information. So far, we have counted more than 2,000 victims in 111 countries. The authors of the Zloader campaign seem to have gone to great lengths to avoid security systems and update their methods every week, notes Kobi Eisenkraft, a malware researcher at Check Point Research.

The attack begins with the installation of a legitimate remote administration program pretending to be a Java installation. After it is made, the attacker does Full access to the system It is able to upload/download files as well as run scripts. The attacker sends and runs several scripts that download successive scripts that run mshta.exe with appContast.dll as a parameter. The appContast.dll file is signed by Microsoft, although more information has been added to the end of the file. The added information causes the final Zloader to download and launch, which Steals user credentials and victim information.

Check Point Research reported their findings to Microsoft and Atera. The company has also issued a recommendation to use a Microsoft update to thoroughly check the authentication code. Unfortunately, it is not implemented by default. At the same time, experts warn against installing programs from unknown sources or sites and not clicking on unknown links and attachments that you receive by mail.


Press INTERIA.PL/Informacja

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

PS Plus Extra and Premium November 2022 – Skyrim to Save the Service

message Toys November 9, 2022, 18:39 We found out what…

Russians can download software for Intel devices again. The company issued an official statement

Intel withdrew from Russia as a result of the invasion of Ukraine…

Battlefield 2042 is a ‘big disappointment’? EA is said to be considering switching to the F2P model

After a long silence, DICE has begun more work on Battlefield 2042,…

WhatsApp will stop working on these phones on February 1! Below is the list of smartphones – check [01.02.2023]

WhatsApp will stop working on many phones as of February 1, 2023!…