Zacinlo Rootkit Update: Adware Is Maintaining Persistence Across OS Reinstalls

One of the main selling points of Windows 10 when it was released in 2015 was its improved security, which made it harder for rootkits to maintain persistence on fresh Windows installs. Three years later, a group of researchers from Bitdefender has found a strain of malware named Zacinlo that uses a rootkit component to maintain persistence across multiple Windows reinstalls.

A recent survey revealed that 90% of Zacinlo’s victims are Windows 10 users, and the malware was intentionally developed to target them. The Zacinlo group has been active since 2012 and has been distributing the malware throughout that time, with a massive surge in distribution from 2014 to 2018. In the past few years, the developers of Zacinlo built a rootkit component that works on Windows 10.

“The adware components are silently installed by a downloader that is presented as a free and anonymous VPN service (s5Mark),” Bitdefender experts wrote in a 104-page report detailing Zacinlo’s modus operandi and all of its modules released today.

Although Zacinlo was categorized as a Potentially Unwanted Program (PUP), the infection survives even a reinstall of the Windows operating system. The rootkit also carries man-in-the-middle capabilities that let it intercept traffic, including HTTPS traffic, which could be used to tamper with banking sessions. It bundles the usual adware components, which harvest data from the local system and receive commands from the server, as well as a component that takes screenshots of the victim’s computer.

“This functionality has a massive impact on privacy as these screen captures may contain sensitive information such as e-mail, instant messaging or e-banking sessions,” Bitdefender says.

The rootkit also has a self-upgrade feature that lets it update itself to the latest version. The strain has been found in the US, France, Germany, Brazil, China, India, Indonesia and the Philippines.
