Microsoft’s DCU shuts down the Zloader command-and-control servers

April 25, 2022

ZLoader felt the force of Microsoft’s Digital Crimes Unit (DCU) when the unit took down multiple domains the botnet used as its command-and-control servers. The domain takedowns were made possible because the Microsoft DCU joined forces with several security researchers.

According to the researchers, the task assigned to them was more straightforward than their previous operations, since they were aided by other groups that were also monitoring the Zloader botnet.

The DCU was instructed to hunt down the domains used by ZLoader.

A court order allowed the Microsoft DCU to take down 65 hardcoded domains that ZLoader used as its command-and-control servers. The order also directed the security team to disrupt approximately 319 further domains belonging to the botnet, which had been registered through a domain generation algorithm.
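The domain generation algorithm mentioned above is what lets a botnet cycle through many candidate command-and-control domains instead of relying only on hardcoded ones, which is why the court order had to cover both sets. Defenders usually look for this behaviour in DNS logs. The block below is an added example, not code from this article, from Microsoft or from any ZLoader analysis: it scores the registrable label of each queried name with three simple heuristics (Shannon entropy, vowel ratio, longest consonant run) and flags clients that query several DGA-looking names. The log format, the sample lines and the thresholds are all constructed assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS resolver log (hypothetical format; not real ZLoader or Microsoft data).
# Fields: timestamp, client IP, queried name, response code.
SAMPLE_DNS_LOG = """\
2022-04-25T10:00:01Z client=10.0.0.12 query=www.example.com rcode=NOERROR
2022-04-25T10:00:02Z client=10.0.0.12 query=secureonlinebankingportal.com rcode=NOERROR
2022-04-25T10:00:03Z client=10.0.0.31 query=xkqzwvbtpjdfhg.com rcode=NXDOMAIN
2022-04-25T10:00:04Z client=10.0.0.31 query=pmzrtqvkxwbjlc.net rcode=NXDOMAIN
2022-04-25T10:00:05Z client=10.0.0.31 query=hqtwzvxbpklmrf.org rcode=NXDOMAIN
2022-04-25T10:00:06Z client=10.0.0.31 query=cdn.example.net rcode=NOERROR
2022-04-25T10:00:07Z client=10.0.0.31 query=bvntrkqxwjzlpd.com rcode=NOERROR
"""

LOG_RE = re.compile(r"client=(?P<client>\S+) query=(?P<query>\S+) rcode=(?P<rcode>\S+)")
VOWELS = set("aeiou")


def parse_line(line):
    """Return (client, query, rcode) from one log line, or None if the line does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("query").lower().rstrip("."), m.group("rcode")


def registrable_label(domain):
    """Second-level label, e.g. 'example' from 'www.example.com'.
    Assumption: a single-label public suffix; multi-label suffixes such as co.uk
    would need a public-suffix list to handle correctly."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits of entropy per character of s (0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s):
    """Length of the longest run of consecutive consonant letters in s."""
    run = best = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_score(label):
    """Number of DGA heuristics tripped (0-3): high entropy, few vowels, long consonant run.
    Thresholds are tuning assumptions for this example, not published values."""
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    score = 0
    if shannon_entropy(label) >= 3.5:
        score += 1
    if vowel_ratio < 0.25:
        score += 1
    if longest_consonant_run(label) >= 5:
        score += 1
    return score


def flag_clients(log_text, min_score=2, min_hits=3):
    """Map client IP -> sorted distinct DGA-looking domains it queried, keeping only
    clients that queried at least min_hits such domains (one odd name is not a signal)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, query, _rcode = parsed
        if dga_score(registrable_label(query)) >= min_score:
            hits[client].add(query)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}


if __name__ == "__main__":
    for client, domains in flag_clients(SAMPLE_DNS_LOG).items():
        print(client, "queried DGA-looking domains:", ", ".join(domains))
```

Requiring two of three heuristics keeps long dictionary names such as `secureonlinebankingportal` (high entropy, but normal vowel ratio and short consonant runs) out of the alerts while the random-looking labels trip all three. The `rcode` field is parsed but not scored here; in practice a high NXDOMAIN rate from one client is a strong corroborating signal, since a DGA-driven bot queries many candidate domains of which only a few are ever registered.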

Moreover, the researchers indicated that an individual named Denis Malikov, residing in Simferopol, is behind the development of a component that the threat actors behind the ZLoader botnet use to distribute ransomware.

The ZLoader botnet is used to breach several banking institutions, especially in Canada, the United States, Brazil, and Australia. It is also reported to have harvested financial data by using web injections to deceive bank clients into handing over credentials and authentication codes.

The botnet has been rampaging across cyberspace for the past few months. Its operators are still upgrading their strategies and tools to keep their threat campaigns as efficient as possible.

In the first month of 2022, the ZLoader campaign abused Microsoft’s signature verification. It was deployed by a threat group named Malsmoke and infiltrated numerous victims across more than a hundred countries worldwide.

The campaign was spotted adopting an elusive spreader mechanism to target German and Australian banking customers using a signed dropper.

Collaboration between the government sector and private firms has once again taken down a dangerous botnet. The joint effort of these security teams shows that collaboration pays off for researchers, since it makes malicious entities easier to track down.
