More sophisticated attack techniques have been integrated into the updated version of the Zloader malware, also known as Silent Night, DELoader, and Terdot, which is being distributed in a campaign almost two years after the botnet's infrastructure was disrupted, according to The Hacker News.
The new Zloader version carries major modifications to its loader module, including support for 64-bit Windows, RSA encryption, and a new domain generation algorithm, a report from Zscaler ThreatLabz revealed. Zloader's operators have also sought to evade detection and hinder analysis through string obfuscation and junk code.
"Zloader was a significant threat for many years and its comeback will likely result in new ransomware attacks. The operational takedown temporarily stopped the activity, but not the threat group behind it," said researchers.
Such findings follow a Red Canary report detailing the growing distribution of the Zloader, NetSupport RAT, and FakeBat payloads through MSIX files since July.
Use of Slack will be phased out across most of Disney's businesses by the end of the year, Disney Chief Financial Officer Hugh Johnston said, according to a report in the Status media newsletter.
The attacks used Amazon S3 buckets and content delivery network-hosted sites spoofing Google CAPTCHA pages and other verification pages; these pages carried instructions that trigger a malicious PowerShell command, which downloads Lumma Stealer and proceeds to exfiltrate sensitive data from the device.
Some of the 340 GB of sensitive data purportedly stolen from the City of Pleasanton, including names, birthdates, credit card numbers, and other personal and corporate financial information, has already been exposed by Valencia.