The ZLoader malware has been spotted in more than 100 email campaigns since the beginning of 2020. The trojan is still under active development, with 25 versions seen so far since its comeback in December 2019.
In May 2020, several malspam campaigns from multiple actors were observed using PDF files that link to a Microsoft Word document laced with macro code that downloads and runs a version of ZLoader. This distribution is different from the original variant observed between 2016 and 2018.
In April 2020, an email campaign was observed spreading password-protected Excel sheets alongside a message about a family member, colleague, or neighbor who had contracted COVID-19, claiming to provide information on where to get tested. The Excel sheet used Excel 4.0 macros to download and execute ZLoader version 220.127.116.11.
In March 2020, fraudulent email lures intended to distribute the ZLoader banking malware were spotted using a variety of subjects, including COVID-19 scam prevention tips, COVID-19 testing, and invoices.
Scammers are using the leaked code of Zeus malware to steal data from banking customers across multiple continents. With this code available, new Zeus variants have continued to pop up. This points to the effectiveness of Zeus, as its ..