The Necurs botnet has resurfaced in a new phishing campaign targeting banks with malicious Microsoft Publisher and PDF files packed with the FlawedAmmyy remote-access Trojan.
Cofense researchers first detected the campaign early on August 15 and have confirmed 3,071 banking domains have been hit so far. Recipients range from small regional banks to some of the world’s largest financial institutions.
Necurs, a rootkit first discovered in 2012, became famous in 2016 when it was spotted delivering large volumes of Dridex and Locky ransomware. Now it’s resurfacing with new tactics as threat actors experiment with different strategies to see which are most effective.
