Newly Discovered ZE Loader Targets Online Banking Users

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

IBM Security researchers have discovered a new form of overlay malware targeting online banking users. Dubbed ZE Loader, it is a malicious Windows application that attempts to obtain financial data from victims by establishing a backdoor connection. However, unlike typical banking Trojans, ZE Loader employs multiple stealth tactics to remain hidden and stores permanent assets on infected devices.

The malware targets banks, online payment processors, and cryptocurrency exchanges and is able to interact with the victim's device in real time, which greatly increases the sophistication of the whole operation. Once the victim falls into the trap, the attacker is notified in real time and can take over the system remotely. Upon installation, the malware performs the steps listed below:

• It ensures that the Trojan is running with administrator permissions.
• It establishes a Remote Desktop Protocol (RDP) connection to the command-and-control server.
• ZE Loader enables multiple RDP connections on the infected device by modifying the Windows Registry.
• The malware also creates a new user account with the name Administart0r and the password 123mudar.
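The four behaviours above leave host artifacts a defender can look for. The following PowerShell host check is an added example written for this article, not code from IBM's report; it assumes the standard Terminal Server value fSingleSessionPerUser is the multi-session setting involved (the article does not name the registry key) and that account-management auditing (Security event 4720) is enabled.

```powershell
# Added host-check example (not from the article or IBM's report). Reports
# artifacts matching the ZE Loader behaviour described above. Run in an
# elevated PowerShell session; every finding needs manual confirmation.

function Test-ZeLoaderIndicators {
    $findings = @()

    # 1. Rogue local account. The article names the account "Administart0r".
    $rogue = Get-LocalUser -Name 'Administart0r' -ErrorAction SilentlyContinue
    if ($rogue) {
        $findings += "Local account 'Administart0r' present (enabled: $($rogue.Enabled))"
    }

    # 2. Account-creation audit events (Security 4720) mentioning that name.
    #    Assumes 'Audit User Account Management' is enabled on the host.
    $created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Administart0r' }
    foreach ($e in $created) {
        $findings += "Event 4720: account creation at $($e.TimeCreated)"
    }

    # 3. Multi-session RDP. Assumption: the malware flips the standard
    #    fSingleSessionPerUser value to 0; the article does not name the key.
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $single = (Get-ItemProperty -Path $ts -ErrorAction SilentlyContinue).fSingleSessionPerUser
    if ($single -eq 0) {
        $findings += 'fSingleSessionPerUser is 0: multiple RDP sessions per user allowed'
    }

    # 4. Outbound RDP sessions from this host (ZE Loader connects out to its
    #    command-and-control server over RDP). Any unexpected peer is suspect.
    $rdp = Get-NetTCPConnection -RemotePort 3389 -State Established -ErrorAction SilentlyContinue
    foreach ($c in $rdp) {
        $proc = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        $findings += "Established RDP to $($c.RemoteAddress) from PID $($c.OwningProcess) ($proc)"
    }

    return $findings
}

$result = Test-ZeLoaderIndicators
if ($result.Count -eq 0) { 'No ZE Loader indicators found.' } else { $result }
```

The hard-coded account name is only as durable as this sample; the registry and outbound-RDP checks are the parts worth keeping in a recurring baseline.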