Necurs Botnet Goes Phishing for Banks

Dr. Eduardo Rocha Senior Solutions Engineer & Security Analyst @ GlobalDots
1 Min read

A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.

Reduce your AWS costs by over 50%

Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.

Reduce your AWS costs by over 50%

The Necurs botnet has resurfaced in a new phishing campaign targeting banks with malicious Microsoft Publisher and PDF files packed with the FlawedAmmyy remote-access Trojan.

Cofense researchers first detected the campaign early on August 15 and have confirmed 3,071 banking domains have been hit so far. Recipients range from small regional banks to some of the world’s largest financial institutions.

Necurs, a rootkit first discovered in 2012, became famous in 2016 when it was spotted delivering large volumes of Dridex and Locky ransomware. Now it’s resurfacing with new tactics as threat actors experiment with different strategies to see which are most effective.

This campaign differed from Necurs’ usual strategy in several ways. For starters, it wasn’t your traditional spam — this was a phishing campaign specifically geared toward the banking industry, using malicious attachments to deliver a payload designed to enable remote access. It also leveraged Microsoft Publisher files, a shift from typical Word and Excel documents. A small subset of this campaign used PDF files, which shows the attackers are trying different tactics.

Image Source

Read more: Dark Reading

Latest Articles

3 IT Infrastructure Costs Increasing in 2024:

As we navigate through the evolving landscape of IT infrastructure, a closer look at the cost trends for 2024 reveals significant shifts. From cloud expenses feeling the pressure of economic changes. With global cloud spending expected to hit over $1 trillion and various sectors facing unique challenges, staying informed is more crucial than ever.  Dive […]

Miguel Fersen Iberia & LATAM Regional Manager @ GlobalDots
26th February, 2024
Justt – IaC

Justt is a chargeback mitigation startup based in Tel Aviv. Chargebacks, as defined, are demands by a credit card provider for a retailer to reimburse losses on fraudulent or disputed transactions. Justt’s objective is to assist merchants worldwide in combating false chargebacks using its proprietary artificial intelligence technology.

GlobalDots
22nd February, 2024
8 FinOps Best Practices for Cutting Cloud Costs

The cloud used to be viewed as a place of significant cost savings: rather than purchasing and maintaining dozens of server stacks, organizations could outsource this and purchase compute power on an as-needed basis. In the ensuing rush to cloud architecture, however, many companies simply lifted-and-shifted their old financial bad habits. The sheer speed of […]

GlobalDots
22nd February, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

Unlock Your Cloud Potential