Zacinlo: The Cyber Menace Slipping Through Windows

If social media has taught us anything, it’s that the best pictures are candid (or at least, give the impression of being candid; see “plandid”). While candid beauty shots are great for Instagram, candid screenshots of your desktop taken by hackers are definitely no fun. Unfortunately, this could have been happening to you for years—without your knowledge or consent.

This is the frightening reality of Windows users who have fallen victim to Zacinlo, a malware so sophisticated it has evaded cyber security experts since 2012. Here’s what we know so far about this sneaky cyber threat—and how you can protect yourself against similar attacks in future.

Cracking Windows and slipping in undetected

Upon its 2015 debut, Microsoft’s Windows 10 operating system (OS) was widely considered to be the benchmark for cyber security—boasting features that, as one journalist put it, “protect the core kernel from malware and prevent attackers from remotely taking control of the machine.” Over the years, Windows 10 has maintained its status as the gold standard of cyber security, but even it proves no match for Zacinlo.

Launched in 2012, the Zacinlo malware was only discovered by Romanian researchers in 2017—and its existence was first made public in June of this year. In an era in which frequent, high-profile security breaches have cyber security specialists on high alert, it’s rare for a cyber threat to go unnoticed for so long—but Zacinlo is a rare breed of malware.

The rootkit malware installs itself on the lowest levels of Windows, where detection is most unlikely. Even if it is detected, Zacinlo disables antivirus and anti-malware programs and writes itself into the Windows registry, rendering attempts to remove it by rebooting or even reinstalling Windows ineffective.

Lurking out of sight, spying from within

Once installed, Zacinlo uploads system data to its command and control server and removes AV packages, programs that compete with its core adware mission, and any other software that might interfere with its operation. Zacinlo then begins serving pop-up ads to the victim’s desktop. In the background, meanwhile, it runs a browser with no user interface. This two-part method tricks the end user into clicking on links that they can’t see, giving Zacinlo the green light to commit ad fraud and install other malware onto their device. All the while, the malware covertly snaps screen captures of user activity and sends them to its server.

As if this weren’t enough, Zacinlo has the ability to set up a man-in-the-middle operation on the victim’s computer, allowing it to siphon off data like logins, passwords, and banking information. It also redirects browser requests and brings the user to fake web pages.

The vast majority of Zacinlo victims (90%) are running Microsoft Windows 10, although a small percentage use Windows 7 or 8. While most are located in the U.S., victims have been identified in other regions of the world, including Western Europe, China, and India.

Protecting yourself from Zacinlo and other threats

What can you do when a cyber menace is cracking Windows and slipping in undetected? Start by strengthening your system’s firewall. A properly configured firewall blocks threats like Zacinlo from gaining entry. And if the malware is already on your device, a firewall that filters outbound traffic can stop it from communicating with its command and control server.

If you don’t have a firewall system in place, believe it may be time for an upgrade, or want to ensure that your existing firewall is functioning at full capacity, eMazzanti can help. Our expert team of cyber security and firewall specialists are on hand to keep your OS secure and your most sensitive data safe from prying eyes. To find out more, get in touch today.
