News | 06/19/2018

Windows 10 was considered the best OS in terms of its improved security features at its release in 2015. Windows 10 was deemed immune to rootkit attacks, but a recent development has brought the rootkit-based adware Zacinlo to light.

Many Windows 10 PCs in the US were infected by the Zacinlo adware, which includes a rootkit-based malware component. Even after the OS is reinstalled, this rootkit component persists on the system. The Zacinlo adware infection was specifically designed to infect Windows 10 systems: more than 90% of the affected systems were running Windows 10.

The rootkit-based adware Zacinlo hides inside a free VPN service named S5mark, which is just a carrier for the malware. While the user thinks that he/she is installing a free VPN proxy, S5mark is only a front for the Zacinlo modules: it does nothing related to VPN functionality and instead installs the rootkit.

The rootkit is the most important of all the modules, as it ensures that the malware remains on the system for a long period of time.

The Zacinlo malware had already been flagged as a PUP (potentially unwanted program) by various antivirus definitions. It defends itself from being detected, stopped or deleted by terminating processes that could be used to interfere with its operation.

This adware has the capability to silently insert ads into any web page, even secured HTTPS pages. It uses a Man-in-the-Middle (MitM) module to intercept banking transactions and payment sessions. The rootkit-based adware collects local system information and sends it to a remote C&C server. The attacker can then control the system and uninstall services that could be used to remove the adware from it.

The module that grabs screenshots of the victim's system is the most dangerous, as it can capture screenshots of sensitive information that the user has entered on his/her PC. These screenshots can contain email usernames, passwords, banking sessions, private chats, browsing sessions, personal photos, etc. This feature is more often found in trojans.

The Zacinlo adware runs a browser in the background to load web pages and click on ads, committing click fraud and clickjacking. It has an update component that is used to upgrade the rootkit to newer versions, which can install new software and forcibly navigate users to unknown links and web pages.

