Taking the form of adware sneaked onto users' PCs without their knowledge, the malware identified by Bitdefender's cyber security specialists runs invisible ads on compromised PCs, causing significant losses to companies by exposing their advertisements to fictitious audiences.
After infecting the user's computer, the threat, called Zacinlo, opens multiple browser sessions and loads ad banners, simulates clicks from the victim, or replaces the ads on the pages the victim visits with its own, which generates substantial revenue. Companies that allocate advertising budgets to online campaigns priced by the audience reached end up paying without their commercial messages ever reaching real people, so the campaigns produce none of the expected impact.
Zacinlo is installed on the system with administrator privileges, which allows it to protect itself from processes that endanger its operation and to block any attempt to stop or delete it. Such rootkit capabilities are extremely rare, accounting for less than 1% of commonly encountered computer threats. Because of this deep integration with the operating system, removing it becomes very difficult.
Zacinlo uses a variety of platforms to replace ads, including Google AdSense, and is able to eliminate competition on the infected computer by removing other forms of adware present on the system. In addition, the threat extracts detailed information about the infected computer, including the installed security solution and the applications and programs running on the device. The adware also takes screenshots and sends them to the command and control server for analysis. This functionality has a massive impact on users' privacy, as screenshots can contain sensitive information such as emails, private messages, or e-banking sessions.
Zacinlo also shuts down the antivirus application on the infected computer, leaving an advanced scan of the device from outside the operating system (the so-called safe mode or rescue mode) as the only method of diagnosis and disinfection.
The adware is installed on the computer through the installation kit of a free, anonymous VPN service (s5Mark). Less technical users are told that a VPN connection is being established, although this never actually happens.
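As an added example that is not part of the Bitdefender report, the following Python sketch turns the behaviours described above (the elevated install from the s5Mark kit, the antivirus shutdown, the invisible ad-loading browser sessions with simulated clicks, and screenshots sent to the command and control server) into a correlation rule over endpoint telemetry; the event schema, field names, weights and sample records are assumptions constructed for this example.

```python
# Added example (not Bitdefender's code): correlate the behaviours the article
# attributes to Zacinlo across endpoint telemetry and score each host.
# Event names, fields and sample records are constructed for illustration.
from collections import defaultdict

# Weight per described behaviour; several together are far more suspicious than one.
RULES = {
    "admin_install_vpn_kit": 2,    # adware dropped by the "free VPN" installer, run elevated
    "security_product_killed": 3,  # antivirus process terminated by a non-user initiator
    "hidden_browser_sessions": 2,  # invisible browser windows that load ads
    "synthetic_clicks": 2,         # click events not coming from a real input device
    "screenshot_then_upload": 3,   # screen capture followed by an outbound transfer
}
ALERT_THRESHOLD = 6  # constructed value: needs at least two strong signals

def classify(event):  # map one telemetry record to a rule name, or None
    kind = event["type"]
    if kind == "process_start" and event.get("elevated") and "s5mark" in event["image"].lower():
        return "admin_install_vpn_kit"
    if kind == "process_terminate" and event.get("target_role") == "security_product" and event.get("initiator") != "user":
        return "security_product_killed"
    if kind == "window_create" and event.get("process_role") == "browser" and not event.get("visible", True):
        return "hidden_browser_sessions"
    if kind == "input_event" and event.get("action") == "click" and event.get("source") != "hid":
        return "synthetic_clicks"
    if kind == "screen_capture" and event.get("followed_by_upload"):
        return "screenshot_then_upload"
    return None

def score_hosts(events):  # {host: (score, sorted list of matched rules)}
    matched = defaultdict(set)
    for ev in events:
        rule = classify(ev)
        if rule:
            matched[ev["host"]].add(rule)
    return {h: (sum(RULES[r] for r in rules), sorted(rules)) for h, rules in matched.items()}

def alerting_hosts(events):
    return sorted(h for h, (score, _) in score_hosts(events).items() if score >= ALERT_THRESHOLD)

# Constructed sample telemetry: ws-01 shows the full chain, ws-02 is benign.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process_start", "image": "C:\\Users\\x\\Downloads\\s5Mark_setup.exe", "elevated": True},
    {"host": "ws-01", "type": "process_terminate", "target_role": "security_product", "initiator": "service"},
    {"host": "ws-01", "type": "window_create", "process_role": "browser", "visible": False},
    {"host": "ws-01", "type": "input_event", "action": "click", "source": "injected"},
    {"host": "ws-01", "type": "screen_capture", "followed_by_upload": True},
    {"host": "ws-02", "type": "input_event", "action": "click", "source": "hid"},
]
```

Single signals such as one elevated installer are deliberately below the threshold, so only the combination the article describes raises an alert.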
Most samples of the Zacinlo threat have been identified in the United States, followed by Europe, Brazil, China and India. About 90% of the devices on which Zacinlo was identified were running the Windows 10 operating system. The campaign appears to have started in 2012, but Bitdefender's specialists observed a peak in the adware's activity at the end of 2017 and the beginning of 2018.