Files in Microsoft may not be as safe as they appear

ZLoader is a popular malware among hackers, and has recently been used to steal user credentials and other sensitive information by exploiting a vulnerability in Microsoft’s digital signature verification.

So how does this affect you?  Microsoft’s signature verification tool Authenticode is used to ensure that a file is legitimate and trustworthy. Researchers at Check Point Research (CPR) have concluded that the cybercriminal group Malsmoke is responsible for this campaign it operates by tricking victims into running a corrupt file that appears to be signed as legitimate and safe. From there, hackers can use the ZLoader trojan banking tool to steal cookies, passwords, and other sensitive information right from your computer.

So, what can you do to avoid being hit with this malware? If you’re a Microsoft user, CPR recommends that you install Microsoft’s security patch for Authenticode verification ASAP. Fortunately, this patch has been available for installation since Microsoft first discovered this vulnerability in 2013- but downloading it has not been mandatory since 2014. This update, as well as common-sense practices like avoiding clicking on unfamiliar links or downloading attachments found in emails, are users’ best lines of defense against this malware. If you’re interested in discussing cybersecurity patches and best practices for your organization, feel free to reach out to us at