Rootkit based Adware Zacinlo
News | 06/19/2018

Rootkit based adware Zacinlo infects Windows 10 PCs across US!

About: Rootkit based adware Zacinlo infects windows 10 systems and displays unwanted ads even in HTTPS secured pages. It can intercept user’s banking sessions and transfer currency to other accounts. It uses a free VPN as a front to download and install i...  Read More  

| News | Rootkit based adware Zacinlo infects Windows 10 PCs across US!

Rootkit based adware Zacinlo infects Windows 10 PCs across US!

Windows 10 was considered the best OS in terms of its improved security features during its release in 2015. Windows 10 was deemed immune of Rootkit attacks but a recent development has brought the Rootkit based adware Zacinlo to light.

Many Windows 10 PCs in the US were infected by the Zacinlo adware which is a rootkit based malware component. Even after reinstalling the OS this rootkit component persists itself in the system. Zacinlo adware infection was specifically designed to infect Windows 10 Systems as more than 90% affected systems were running Windows 10.

The Rootkit based adware Zacinlo component hides itself in a free VPN service named (S5mark) which is just a carrier for this virus. While the user thinks that he/she is installing a free VPN proxy, The S5mark is only a Front for the Zacinlo modules and doesn’t do anything regarding VPN but installs the Rootkit.

s5mark VPN for Rootkit based adware Zacinlo

The rootkit is the most important module amongst all the other modules to make sure that the malware infects the system for a long period of time.

The Zacinlo virus had already been marked as a PuP (Potentially unwanted Program) by various antivirus software definitions. This defends itself from being detected, stopped or deleted by stopping processes that can be used to hamper its operations.

This adware has the capabilities to silently insert ads into any webpage even the secured HTTPS pages. It uses Man in the Middle (MitM) module to intercept banking transactions and payment sessions. The rootkit based adware tracks the local system info and sends it to a remote C&C server. The hacker can then control the system and uninstall services that can be used to remove the adware from the system.

The module to grab the screenshots of the victim’s system is the most dangerous as it can grab screenshots of sensitive information that the user has entered on his/her PC. This screenshot can be of email username, passwords, banking sessions, private chats, browsing sessions, personal photos etc. this feature is often found in trojans

The Zacinlo adware runs a browser in the background to load web pages and click on ads to cause clickfraud and clickjacking. It has an update component that is used to upgrade the rootkit with newer versions of it that can install new software and forcibly navigate the users to unknown links and web pages.

Hits: 80

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866