ZLoader, also known as Terdot and DELoader, is a banking trojan that loads the Zeus malware on victim machines after initial infection. Like other banking trojans, its core capability is to harvest online account credentials for online banking sites (and some other services). When an infected user lands on a targeted online banking portal, the malware dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information the user enters into the log-in fields is sent to the cybercriminals.
Attackers have been found targeting victims with invoice-themed, malicious spear-phishing documents in order to infect them with ZLoader. The usual targets are financial institutions and banks. Indicators of compromise are given in the alert.