Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet’s infrastructure was dismantled in April 2022.

A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analysis published this month.

“The new version of Zloader made significant changes to the loader module, which added RSA encryption, updated the domain generation algorithm, and is now compiled for 64-bit Windows operating systems for the first time,” researchers Santiago Vicente and Ismael Garcia Perez said.