HACKERS are exploiting a Microsoft e-signature flaw that allows them to steal personal data and install a virus, affecting thousands of users.

Around 2,100 people have been affected by the virus, known as ZLoader, and researchers believe the hackers’ latest campaign started in November last year.

Victims in the US and Canada have been impacted but the malware has been identified in 111 countries.

ZLoader is known to have delivered banking trojans in the past, ZDNet reports.

Cybercriminals use software known as Atera to infect systems.

The software appears to show a Java installer, but the installer is fake and the hackers are actually installing an agent that is connected to the user’s device.

Files are then added to the computer: some that target Windows Defender and another that launches ZLoader.

The malware stops the cybersecurity tool from issuing alerts and appears to exploit a flaw within Microsoft’s e-signature verification system.

Kobi Eisenkraft, a malware researcher at Check Point, said: “People need to know that they can’t immediately trust a file’s digital signature.

“What we found was a new ZLoader campaign exploiting Microsoft’s digital signature verification to steal sensitive information of users.”

Microsoft appeared to address the bug in 2013 but a year later tech bosses turned the patch into an opt-in feature.

Researchers said: “This fix is disabled by default, which is what enables the malware author to modify the signed file.”

A Microsoft spokesperson told ZDNet: “We released a security update (CVE-2013-3900) in 2013 to help keep customers protected from exploitation of this vulnerability.

“Customers who apply the update and enable the configuration indicated in the security advisory will be protected.

“Exploitation of this vulnerability requires the compromise of a user’s machine or convincing a victim to run a specially crafted, signed PE file.”
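
The configuration the Microsoft statement refers to is a registry setting that is absent by default. As an added example (not part of the original article and not Microsoft's code), this read-only PowerShell check reports whether it is set; the value name, key paths and string type are assumed from Microsoft's CVE-2013-3900 advisory, and `Get-CertPaddingCheckState` is a hypothetical helper name.

```powershell
# Read-only audit of the opt-in CVE-2013-3900 hardening on the local machine.
# Assumption: the value name, key paths and string (REG_SZ) type follow
# Microsoft's advisory for CVE-2013-3900; none of them appear in the article.
$ValueName = 'EnableCertPaddingCheck'
$Paths = @('HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config')
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit processes on 64-bit Windows read a separate registry view.
    $Paths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
}

function Get-CertPaddingCheckState {
    param([string[]]$Path = $Paths)
    foreach ($p in $Path) {
        # Missing key or missing value both mean the fix was never opted into.
        $state = 'NotConfigured'; $raw = $null; $kind = $null
        $key = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
        if ($null -ne $key) {
            $raw = $key.GetValue($ValueName, $null)
            if ($null -ne $raw) {
                # Report the registry type so it can be compared with the advisory.
                $kind  = $key.GetValueKind($ValueName)
                $state = if ("$raw" -eq '1') { 'Enabled' } else { 'Disabled' }
            }
        }
        [pscustomobject]@{ Path = $p; Kind = $kind; RawValue = $raw; State = $state }
    }
}

$results = @(Get-CertPaddingCheckState)
$results | Format-Table -AutoSize
if (@($results | Where-Object State -ne 'Enabled').Count -gt 0) {
    Write-Warning 'Strict signature padding check is not enabled in every registry view.'
}
```

The script only reads the registry; a `NotConfigured` result in either view means the machine is still in the default state the researchers describe.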

HACK FEARS

Eisenkraft said: “It seems like the ZLoader campaign authors put great effort into defense evasion and are still updating their methods on a weekly basis.”

It comes just months after Microsoft warned that ZLoader is being spread through Google keyboard advertisements to infect vulnerable computers.

Americans were also warned to update their computers after the “CVE-2021-44228” flaw in the software Apache Log4j was found as a vulnerability in credential-stealing malware.

Windows 10 users were warned about around 60 vulnerabilities that were found by researchers.

One flaw that was discovered was CVE-2021-43890, a spoofing vulnerability in the Windows AppX installer that can be used to deliver malware.

This malicious software package is installed by unsuspecting users when they open infected documents.

Microsoft said it is aware of the vulnerability and researchers are working to address the issue.

Chad McNaughton, of Automox, warned that organizations should take action to “remediate” their systems as the exploitation is “active”.

The Sun has approached Microsoft for comment.

This post first appeared on Thesun.co.uk