The Sophos Managed Threat Response Team recently detected and responded to a Zloader campaign that delivered Cobalt Strike and installed Atera Agent for permanent remote access. Over the last year, Zloader MSI files have been disguised as installers for remote-working applications such as Zoom, TeamViewer, and Discord. Zloader infects users through malicious web advertising that redirects them to download the malicious MSI files. Zloader featured VNC remote-access capabilities and was offered on the infamous Russian-speaking cybercrime forum Exploit.in. Recently, Egregor and Ryuk ransomware affiliates used Zloader as their initial point of entry.

Zloader is a banking trojan with historical ties to the Zeus malware.