The Limited Times


Microsoft dismantles network that used Zloader banking virus

2022-04-16T14:54:38.312Z


Over 300 domains used to spread malware (ANSA)


The activity of a botnet (a set of devices) responsible for spreading a banking virus that stole credentials for accessing bank accounts has been shut down.

The infrastructure of the Zloader botnet was dismantled by a group of security and technology companies including Microsoft, Eset, Lumen and Palo Alto Networks.

In a post on its blog, the Microsoft security team, which is currently busy detecting malware related to the conflict in Ukraine, explains that 65 Internet domains that the ZLoader group used for its activities have been seized and that one of the gang members has also been identified.

The domains are now directed to a space where they can no longer be used by cybercriminals.

"The court order allows us to take control of 319 other DGA domains (i.e. automatically generated by algorithms, ed.) currently registered. We are also working to block the future registration of this type of domain."

ZLoader is known as a powerful piece of malware that first appeared three years ago.

It was initially a banking Trojan that gave its users the ability to steal login credentials and other data needed to access banking services; it also managed to disable popular antivirus software, staying on devices much longer than other Trojans.

Then it evolved: its creators started selling it as a service, and cybercriminals using ransomware became the most common customers.

For example, the ZLoader infrastructure was used by the infamous Ryuk ransomware, which was used to launch attacks that caused tens of millions of dollars in damage and hit several US hospitals during the pandemic, blocking their activity.


Source: ansa
