Skip to Content
Zloader malware attacking old Microsoft Windows flaw
© Ammentorp |
Security & privacy

Windows alert: Hackers are using a 9-year-old flaw to break into PCs

Criminals and hackers will always exploit vulnerabilities, but software companies try to stay ahead of them. Tap or click here to see how malware can expose your browser passwords.

A big problem is that malware is constantly being adapted to circumvent any security efforts. Companies like Microsoft and Google can only patch what they know about, and sometimes hackers circle around to exploit old vulnerabilities.

Keep reading to find out how malware is now attacking a flaw in Windows that Microsoft patched years ago.

Here’s the backstory

Malware can be designed to accomplish many things, with the most lucrative goal being able to steal your banking details. A popular malware tool called Zloader has been used in various cyberattacks for years.

Focused on banking, the malicious code is used to steal credentials and personal information through compromised documents, email attachments, and even Google ads. The attacks can also be converted into ransomware, where the victim needs to pay to have their files unlocked.  

Several patches and vulnerability fixes have been released against ZLoader in the past. But a new version of the malware is attacking a flaw that Microsoft patched in 2013.

Check Point Research detailed how the updated campaign uses a patched flaw in Microsoft’s digital signature verification system to bypass detection. To gain access to a system, hackers must trick a user into installing a real remote IT management tool called Atera.

But the dynamic-link library file (or .dll) of the tool has been compromised with ZLoader. Any computer will automatically check the file’s digital signature, but because of the vulnerability, the malware won’t be flagged. The file will get a clean bill of health from Windows Defender as it has Microsoft’s genuine signature attached.

What you can do about it

Check Point Research notes that 2,170 unique IP addresses have downloaded the compromised Atera file. The majority (864) is located in the U.S., while Canada has around 300 infections, and India has 140.

You would need to have downloaded the compromised Atera file for your PC to be impacted by this malware. A patch to the Windows flaw has been available since 2014, but it isn’t easy to install manually. Another problem with the patch is it has a high possibility of triggering false positives on legitimate files.

That’s why we don’t recommend installing it. If you’d like to see the steps to install the patch manually, click here and scroll to the Safety Tips section.

Keep reading

This messaging app with 500K+ downloads is hiding malware that steals your money

Millions of routers from Netgear, Linksys, D-Link and more are at risk of malware attack

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook