More Nefarious Strain of Zacinlo Malware Infecting Windows 10 Machines

A new type of malware that is starting to spread to Windows 10 computers bypasses the operating system’s built-in security and implants itself so firmly that it’s extremely difficult to remove. A description of the latest version of the Zacinlo malware sounds like a nightmare scenario for your security team. It’s rootkit malware that installs itself on the lowest levels of Windows, where it is extremely difficult to detect. Even if it’s detected, Zacinlo disables anti-virus and anti-malware packages so it can’t be quickly purged from the system. It also writes itself into the Windows registry so attempts to remove it by rebooting or even reinstalling Windows won’t get rid of it.

Once Zacinlo gets into your system, it uploads your system information to its command and control server, which then commands it to remove anything that’s considered a threat. This will include any AV packages, but also anything that competes with its core adware mission as well as any other software that might interfere with its operation.

Once Zacinlo is in your system, it begins serving ads to your desktop that simply appear, and about which you can do nothing. In the background it runs a browser with no user interface, so it can quietly click on links you can’t see, which can be used for ad fraud, but also to install other malware. At the same time, Zacinlo is quietly snapping screen captures and sending whatever is on your screen to its command and control server. While it’s sending data to its servers, the malware also has the ability to set up a man-in-the-middle operation in your computer, so it can siphon off things like logins and passwords as well as banking information. If that’s not enough, it can redirect browser requests, taking you to fake web pages.
