Expert Insight: ZLoader Malware Returns As A Coronavirus Phishing Scam

By   ISBuzz Team
Writer , Information Security Buzz | May 29, 2020 04:33 am PST

It appears that banking malware ZLoader has returned to the scene. As reported by Cyware, hackers have distributed the malware as part of a coronavirus-related phishing scam and has reportedly been spotted in over 100 email campaigns since the start of this year. According to Cyware, the malware is still under active development with new variants of the code continuing to pop up too. By borrowing select functions from Zeus, the ZLoader malware has successfully stolen data from banking customers across various continents. In the past, threat actors behind ZLoader malware have set their sights on Canadian organizations. This year, though, the group seems to have changed course and seems to be trying to dupe users in the U.S., Germany, Poland and Australia too. The group has done so by leveraging coronavirus-related phishing scams.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Robert Ramsden Board
May 29, 2020 12:35 pm

In the last couple of weeks, we have observed a surge in the number of new domains registered that are themed around corona/COVID-19 stimulus or financial recovery, that are being used to maliciously target people. Of these targeted emails, we have seen three clear trends in COVID-19 related phishing attempts:

  • Wave 1: Focused on coronavirus, the symptoms, and how to self-diagnose.
  • Wave 2: Tailored towards the cure/vaccine, disease progress tracking, and tips to engage kids at home.
  • Wave 3: Focused on stimulus checks and impersonation emails with subjects focused on reduction in force, layoff forecasts, and end of work from home/reopen.

This specific instance can be categorised as “Wave 2” because the fraudulent emails were using coronavirus-related prevention tips, testing and invoices to fool users to distribute ZLoader banking malware.

Users should all be aware of these tactics and adjust their security habits accordingly. It is important to be aware of “Wave 3” and the implications that it will bring. Once the public has adequately protected themselves from “Wave 2” tactics, cybercriminals will certainly pivot their attack vectors.

The best way to reduce the likelihood of a phishing campaign wreaking havoc on corporate devices is to educate the workforce about the increase in phishing activity. Some simple preventative tips include:


  • Check the legitimacy of the email sender and email domain before responding.
  • Do not click on links or attachments from unverified senders.
  • Pay close attention to spellings and errors, especially for unusual emails that seem to be coming from executives.
  • Report any suspicious emails to IT immediately.
  • Last edited 3 years ago by Robert Ramsden Board

    Recent Posts

    Would love your thoughts, please comment.x