Zacinlo

By GoldSparrow in Adware

Zacinlo is adware that relies on rootkit techniques to install and protect itself. Because it combines spyware-style surveillance with persistent, low-level tampering with the host, its danger level is hard to judge from any single behaviour. Zacinlo was first described publicly on June 19, 2018, but PC security researchers note that it has been active since at least 2012, and more than 2,500 distinct Zacinlo samples have already been detected. It is updated and developed continuously, and its developers have kept ahead of new detection methods to keep Zacinlo effective against computer users. Nearly all current Zacinlo infections are on computers running Windows 10 and are located in the United States, India, Europe and China.

How Zacinlo is Distributed

Zacinlo reaches victims' computers mainly through a fake Virtual Private Network (VPN) client. Once the victim installs it, the fake VPN drops the Zacinlo components, including a rootkit that hooks into the operating system and interferes with the anti-virus software on the machine. Zacinlo has 25 different modules that can be used to carry out a wide variety of attacks, ranging from displaying advertisements to monitoring the victim's computer and activities. For example, Zacinlo can capture screenshots of the infected desktop. Zacinlo is sophisticated, and the scale of its infrastructure suggests a well-funded operation. PC security researchers currently estimate that the actors controlling the Zacinlo bots have earned at least hundreds of thousands of dollars.

Zacinlo’s General Features

Zacinlo records data and displays advertisements on the victim's computer, and it interferes with the victim's Web browsers to do so. It opens hidden browser windows and simulates clicks on online advertisements to inflate ad revenue artificially. Zacinlo contacts its Command and Control (C2) servers every day and reports information about the infected computer. Because it gathers the victim's browsing habits, it can deliver advertisements matched to the victim's profile. Zacinlo's screenshots are also sent to the C2 servers, where they can be used for further attacks, such as harvesting login credentials for online accounts and other data. Zacinlo tampers with legitimate anti-virus software and with the Windows features designed to protect computer users; for example, it interferes with the infected computer's Windows Firewall. One surprising aspect of Zacinlo is that it removes competing adware from the infected computer: it carries its own detection rules for generic adware and eliminates its competitors so that it receives the bulk of the revenue from the machine.

Dealing with a Zacinlo Infection

Because Zacinlo uses rootkit techniques, removing it is not straightforward: a running rootkit can hide its files, drivers and processes from tools run inside the infected Windows session. PC security researchers recommend that computer users seek help from a certified computer technician to ensure that every component associated with Zacinlo is removed completely. The recommended approach is to boot the infected computer into a rescue environment (for example a GRUB-based rescue disk) so that Windows, and with it the rootkit, is not running, and then to use an anti-rootkit tool designed to deal with threats like Zacinlo. Because of Zacinlo's advanced features, many generic anti-virus programs cannot remove it. However, security software with anti-rootkit capability that is fully up to date may be able to deal with Zacinlo.
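The following triage script is an added example, not code from the original page or from Zacinlo itself. It checks a Windows host for the kinds of tampering described above (disabled Windows Firewall profiles, weakened Windows Defender settings) and lists kernel drivers whose image files do not carry a valid Authenticode signature, which is a common footprint of a rootkit driver. It only reports; it removes nothing. The function name Get-ZacinloTriageReport is an assumption chosen for this example, and the script uses only standard cmdlets (Get-NetFirewallProfile, Get-MpComputerStatus, Get-MpPreference, Get-CimInstance, Get-AuthenticodeSignature).

```powershell
# Added triage example for the tampering this page attributes to Zacinlo.
# Not Zacinlo's code and not from the original article. Run from an elevated
# PowerShell on the suspect host (or, better, against an offline image).

#Requires -RunAsAdministrator

function Get-ZacinloTriageReport {
    # Assumed function name; returns one finding per line.
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Windows Firewall: the page reports Zacinlo interfering with it.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if (-not $fwProfile.Enabled) {
            $findings.Add("Firewall profile '$($fwProfile.Name)' is disabled")
        }
    }

    # 2. Windows Defender state and exclusions (adware often excludes its own
    #    install paths). Skipped gracefully if the Defender module is absent.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        if (-not $status.RealTimeProtectionEnabled) {
            $findings.Add("Defender real-time protection is off")
        }
        $pref = Get-MpPreference -ErrorAction Stop
        foreach ($excl in @($pref.ExclusionPath) + @($pref.ExclusionProcess)) {
            if ($excl) { $findings.Add("Defender exclusion present: $excl") }
        }
    } catch {
        $findings.Add("Defender cmdlets unavailable: $($_.Exception.Message)")
    }

    # 3. Kernel drivers: resolve each driver's image path (which the service
    #    database stores in several forms) and check its Authenticode signature.
    $sysRoot = $env:SystemRoot
    foreach ($drv in Get-CimInstance Win32_SystemDriver) {
        if (-not $drv.PathName) { continue }
        $path = $drv.PathName -replace '^\\\?\?\\', ''      # strip NT "\??\" prefix
        $path = $path -replace '^\\SystemRoot', $sysRoot    # "\SystemRoot\..." -> "C:\Windows\..."
        if ($path -notmatch '^[A-Za-z]:\\') {               # relative "System32\drivers\x.sys"
            $path = Join-Path $sysRoot $path
        }
        if (-not (Test-Path -LiteralPath $path)) {
            $findings.Add("Driver '$($drv.Name)' image not found at $path")
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            $findings.Add("Driver '$($drv.Name)' ($($drv.State)) signature status '$($sig.Status)': $path")
        }
    }

    return $findings
}

Get-ZacinloTriageReport | ForEach-Object { Write-Output $_ }
```

Two caveats matter when reading the output. First, a live rootkit can hide its own driver and files from anything run inside the infected session, so an empty driver list is not proof of a clean machine; the authoritative check is the same one the text recommends, booting into a rescue environment and scanning the offline disk. Second, some in-box Windows drivers are catalog-signed rather than embedded-signed and may show a status other than Valid, so treat the driver findings as a starting point to compare against a known-clean system rather than as a verdict.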
