Malware researchers discovered two new malware families distributed last year through phishing campaigns from the Necurs botnet: the ServHelper backdoor, which has two variants, and the FlawedGrace remote access trojan (RAT).
The threat actor continues to target organizations in the financial and retail sectors, the researchers say, using Microsoft Word, Microsoft Publisher, and PDF files to pull the malware onto the victim host.
Necurs campaigns deliver ServHelper
A first salvo of malicious messages was sent on November 9, 2018. It was a small campaign with several thousand emails delivering Word and Publisher documents laced with hostile macros.
A larger campaign with tens of thousands of emails occurred six days later and carried messages with .DOC, .PUB, and .WIZ documents, all specific to the same Microsoft Office components mentioned above.