- Feb 4, 2016
When it was released back in 2015, one of the main perks of Windows 10 was the improved security features that made it harder for rootkits to get a foothold on Microsoft's new OS.
But three years later, security researchers from Romania-based antivirus vendor Bitdefender have detailed the operations of an adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a component that is effective even against Windows 10 installations.
In fact, researchers say that 90% of all Zacinlo's recent victims are Windows 10 users, showing that crooks intentionally designed their "product" to work against Microsoft's latest OS.
"The adware components are silently installed by a downloader that is presented as a free and anonymous VPN service (s5Mark)," Bitdefender experts wrote in a 104-page report, released today, detailing Zacinlo's modus operandi and all of its modules.
Zacinlo has some pretty dangerous privacy-intrusive features
Besides the rootkit, Zacinlo also comes with a module for carrying out man-in-the-middle (MitM) attacks to intercept traffic, even HTTPS traffic. While this feature could allow it to intercept banking sessions and tamper with online payments, Zacinlo has been using it mainly to inject ads into any web pages it wants.
Another module that stands out is one that can detect and remove competing adware. Bitdefender says this module isn't very advanced, but is something not seen in most adware families.
Zacinlo used mainly for clickjacking and ad fraud
Further, Zacinlo also comes with a self-update feature to upgrade its components with new versions, the ability to install any software it wants on the victims' systems, a "redirector" module that forcibly navigates users to a web page, and an ad replacer that pushes its own ads, part of affiliate schemes, into users' browsing sessions.
Last but not least, Zacinlo also runs a Chromium-based headless browser in the background where it loads web pages and ads on which it silently clicks to generate profits for crooks.
Overall, this is a dangerous threat that's been silently spreading for the last six years, and most of its victims have been spotted in the US, with others also seen in France, Germany, Brazil, China, India, Indonesia, and the Philippines.