Zacinlo Malware: Powerful Rootkit Targeting Windows 10

NJCCIC Alert

Original Release Date: 2018-06-26

Security researchers from BitDefender released an in-depth analysis of a sophisticated rootkit malware known as Zacinlo. The malware is distributed under the guise of a free VPN application called s5Mark, which silently installs Zacinlo in the background. Windows 10 systems account for 90 percent of affected users, with most victims located in the US, along with France, Germany, Brazil, China, India, and Indonesia. This particular type of malware is rare, but once installed, it can have devastating effects. It provides the threat actor with complete control over the targeted machine’s operating system and can update itself to newer versions, suspend and delete processes, intercept banking transactions, inject advertisements onto webpages, remove any competing malware on the device, and install or uninstall software. Zacinlo can also screenshot the victim’s desktop, forcibly redirect users to malicious webpages, and run a headless browser (a browser with no graphical interface) that loads hidden webpages to simulate ad clicks for profit. Rootkits can be particularly difficult to remove because of their deep integration within the operating system.

The NJCCIC recommends that all users and administrators:

- Review the BitDefender white paper.
- Run a reputable and updated anti-malware solution on all systems, set to run scans as frequently as possible.
- Only download software and files from legitimate sources, and scan all files and programs before installing them.
- Update the operating system and all software as soon as updates become available.
- Avoid opening email attachments or clicking links in unexpected or unsolicited emails.
- Refrain from clicking online ads or pop-ups.
- Avoid illegitimate or suspicious websites and file-sharing services.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
