Wednesday, 09 July 2025

Zloader banking trojan now bypasses Microsoft Defender antivirus

Cybercriminals have launched new attacks using the Zloader malware, this time with a more sophisticated infection chain. In particular, the malware now disables the pre-installed Microsoft Defender (previously known as Windows Defender) antivirus to evade detection.

The attackers also changed the malware delivery vector: they now use TeamViewer ads on Google instead of phishing or spam. When a user clicks the link, they are redirected to a fake download site. As a result, the victim downloads a signed malicious MSI installer designed to install Zloader on the system.

Source: anti-malware.ru

16 September 2021
