Over 2K victims hacked via Microsoft signature verification including in India

New Delhi, Jan 5 (IANS): A new campaign exploited Microsoft's digital signature verification to steal user credentials and sensitive information from over 2,000 victims, and counting, in 111 countries including India, a report said on Wednesday.

According to Check Point Research (CPR), the malware has claimed 2,170 unique victims. Most victims reside in the US, followed by Canada and India.

"People need to know that they can't immediately trust a file's digital signature," Kobi Eisenkraft, Malware Researcher at Check Point, said in a statement.

"What we found was a new ZLoader campaign exploiting Microsoft's digital signature verification to steal sensitive information of users. We first began seeing evidence of the new campaign around November 2021," Eisenkraft added.

CPR attributes the campaign, which traces back to November 2021, to the cybercriminal group MalSmoke, which placed significant effort into evasion methods.

"The attackers, whom we attribute to MalSmoke, are after the theft of user credentials and private information from victims. So far, we have counted north of 2,000 victims in 111 countries and counting," said Eisenkraft.

ZLoader is known as a tool for delivering ransomware. It has delivered ransomware in the past and came to CISA's radar in September 2021 as a threat in the distribution of Conti ransomware.


