The Acronis Threat Research Unit has examined a new version of the Proton ransomware family called Zola. Like earlier variants, Zola checks for admin privileges and prompts users to run the executable file if the check fails. If not halted by a kill switch, it checks for a Persian keyboard layout, generates a unique victim ID, and deletes shadow copies to prevent recovery. The encryption scheme has switched from elliptic-curve cryptography (ECC) and Advanced Encryption Standard (AES) to the ChaCha20 scheme.
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The
