New ServHelper Backdoor and FlawedGrace RAT Pushed by Necurs Botnet

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Malware researchers discovered two new malware families distributed through phishing campaigns last year from the Necurs botnet: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT).
The threat actor continues to target organizations in the financial and retail sectors, the researchers say, using Microsoft Word, Microsoft Publisher, and PDF files pull the malware on the victim computer host.


Necurs campaigns deliver ServHelper

A first salvo of malicious messages was shot on November 9, 2018. It was a small campaign with several thousand emails delivering Word and Publisher documents laced with hostile macros.
A larger campaign with tens of thousands of emails occurred six days later and carried messages with .DOC, .PUB, and .WIZ documents, all specific to the same Microsoft Office components mentioned above.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top