Malware News Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks

silversurfer

A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.

A malspam campaign targeting a slew of banks is turning researchers’ heads with its unusual use of a Microsoft Office Publisher file to infect victims’ systems with a well-known backdoor.

Researchers with Trustwave said that they have seen a spate of emails with a Microsoft Office Publisher file (a .pub attachment) and the subject line, “Payment Advice,” targeting domains belonging to banks.

Upon further investigation, researchers found that the malspam emails contained URLs that downloaded FlawedAmmyy RAT, a tricky backdoor tool that lets attackers control victims’ machines without their knowledge.

“This campaign was unusual in the use of .pub files. It also appeared to originate from the Necurs botnet, a notorious botnet responsible for much mass malware distribution in the past,” researchers said today in a post about the campaign.
 
