A new campaign exploited Microsoft’s digital signature verification to steal user credentials and sensitive information of over 2,000 victims in 111 countries, including India, and counting, a report said on Wednesday.
According to Check Point Research (CPR), the malware has claimed 2,170 unique victims. Most victims reside in the US, followed by Canada and India.
“People need to know that they can’t immediately trust a file’s digital signature,” Kobi Eisenkraft, Malware Researcher at Check Point, said in a statement.
“What we found was a new ZLoader campaign exploiting Microsoft’s digital signature verification to steal sensitive information of users. We first began seeing evidence of the new campaign around November 2021,” Eisenkraft added.
CPR attributes the campaign, which traces back to November 2021, to the cybercriminal group Malsmoke, which placed significant effort into evasion methods.
“The attackers, whom we attribute to MalSmoke, are after the theft of user credentials and private information from victims. So far, we have counted north of 2,000 victims in 111 countries and counting,” said Eisenkraft.
ZLoader is known to be a tool in delivering ransomware. It has been known to deliver ransomware in the past and came to CISA’s radar in September 2021 as a threat in the distribution of Conti ransomware.