Expert Insight: ZLoader Malware Returns As A Coronavirus Phishing Scam

It appears that the banking malware ZLoader has returned to the scene. As reported by Cyware, hackers have distributed the malware as part of a coronavirus-related phishing scam, and it has reportedly been spotted in over 100 email campaigns since the start of this year. According to Cyware, the malware is still under active development, with new variants of the code continuing to appear. By borrowing select functions from Zeus, the ZLoader malware has successfully stolen data from banking customers across various continents. In the past, threat actors behind ZLoader malware have set their sights on Canadian organizations. This year, though, the group seems to have changed course and appears to be trying to dupe users in the U.S., Germany, Poland and Australia too. The group has done so by leveraging coronavirus-related phishing scams.

Robert Ramsden Board, VP EMEA, Securonix
May 29, 2020
Once the public has adequately protected themselves from “Wave 2” tactics, cybercriminals will certainly pivot their attack vectors.
In the last couple of weeks, we have observed a surge in the number of new domains registered that are themed around corona/COVID-19 stimulus or financial recovery, that are being used to maliciously target people. Of these targeted emails, we have seen three clear trends in COVID-19 related phishing attempts:
  • Wave 1: Focused on coronavirus, the symptoms, and how to self-diagno ....