Zacinlo

Posted: July 5, 2018

Zacinlo Description

Zacinlo is a rootkit with both covert adware and spyware features, with the emphasis on the former. It may generate 'invisible' advertisements in hidden windows or hijack preexisting advertising content on your browser's Web pages. Since this threat is highly invasive and has sophisticated stealth features, any users suspecting its presence should boot their PCs from recovery disks or USBs before uninstalling Zacinlo with an updated anti-malware tool.

The Adware You will not See While It Works

Although the Venn diagram of adware and rootkits consists of two rarely overlapping circles, sometimes, malware experts find rootkit-based threats that do include some unsafe advertising features. One of the elderly and most important of these rootkits to date is Zacinlo, which is over half a decade old but has been evading threat databases for years, thanks to its sophisticated stealth features and limited distribution.

Zacinlo is installing itself through fake Virtual Private Network or VPN software, which imitates the network virtualization features while serving as a delivery vehicle for the rootkit, and may be taking advantage of corrupted advertisements for exposing itself to new PCs. The rootkit, which malware analysts are confirming as being compatible with most versions of Windows, is dominant on Windows 10 systems particularly and includes features for passing information over to a Command & Control server, anti-security defenses and loading non-consensual advertisements.

Zacinlo, like any good rootkit, loads automatically and silently, and can run the following attacks, among others:


  • Hidden background windows provide undetectable locations for Zacinlo's loading of additional advertisements, with the money going to affiliates that include, presumably, the rootkit's threat actors.
  • Zacinlo also monitors any normally-loading Web pages for advertising content, which it may replace with its ads.
  • Threat actors also have some access to the PC's confidential information via screenshots, which Zacinlo takes automatically.
  • Zacinlo also may uninstall or install other programs at will, as per the instructions of its C&C server.

Taking Care of the Ads That You Can't See

While invisible advertisements may sound like a non-problem to some users, Zacinlo's ad-loading features can expose the PC to other, malicious content, including infection vectors for other threats. Its capacity for collecting confidential information also is potentially high, even though it takes a 'support role' in the rootkit's payload, and malware analysts have yet to observe the inclusion of any keylogging or Man-in-the-Middle attacks. Finally, like all rootkits, Zacinlo infections have significantly detrimental implications for the PC's security.

In spite of its age, Zacinlo is maintaining an active development status, and its authors are removing and adding features frequently. The rootkit's peak distribution, so far, dates to late 2017. The users can block advertisements and avoid unsafe VPN-themed downloading resources for protecting themselves, and many anti-malware products should block its infection vectors by default. Users believing their PCs compromised should use an emergency boot-up device to circumvent the rootkit before removing Zacinlo with a suitable anti-malware product.

Adware being as harmful as Zacinlo, which leverages its technical prowess for working around preexisting security solutions, is a rarity. With even the latest versions of Windows at risk, there's all the reason in the world to watch what you expose your browser to on the Web.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Zacinlo may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.