A sneaky and persistent malware has surfaced which spams Windows 10 PCs with ads and takes screenshots to eventually send it to the attackers.
Security researchers at Bitdefender found this malware named Zacinlo which first appeared in 2012. About 90% of Zacinlo’s victims are from the US running Microsoft Windows 10. There are other victims too from Western Europe, China, and India with a small fraction running Windows 7 or 8.
How does Zacinlo infect PCs?
Zacinlo is delivered through rootkit bundled with a “free VPN application” which allows it to sneak in easily. Once downloaded, the fake application acts as a VPN on the surface while downloading files and delivering the final Zacinlo payload in the background.
The malware has advanced abilities such as installing itself on a targeted system, spamming with ads whenever the victim opens a website, initiating multiple browser sessions.
It also replaces legitimate ads on a website to display ads developed by the attackers and clicks through them to generate ad revenue. In fact, it can wipe out any other adware already present on the device to eliminate competition.
What’s more troubling is that Zacinlo can take screenshots of the desktop and send it to attackers. Consequently, it poses the risk of sensitive information like login credentials, photos, videos, etc., falling into the wrong hands.
How to prevent it?
A fake free VPN service called s5Mark has been identified as a carrier of this malware. Zacinlo can run smoothly on popular browsers like Chrome, Firefox, Opera, Safari, Edge, Internet Explorer, etc. and install payload to hijack secured web connections via MITM attack methods. So, researchers have advised Windows users to avoid installing unknown or suspicious third-party apps and refrain from visiting unknown websites.
