Wednesday, 22 November 2017

Necurs back with a vengeance

Malware constantly evolves as criminals find new ways around cyber defences; one of the reasons that the focus continues to move away from signature-based systems and towards an AI model. Some of those changes are more interesting than others, and a new update to Necurs – highlighted by Symantec – is one of those.

The Necurs botnet – computers infected by malware of the same name, which acts as a downloader for other strains – has recently started firing off a new wave of emails spreading a variant of the Locky or Trickbot ransomware.

So far, so standard. What’s interesting is that the downloader has been weaponised.

Downloaders are mostly ignored in ransomware attacks; they simply pull the ‘real’ payload and then disappear. The Necurs downloader, though, now contains functionality to gather telemetry from victims.

The first new addition is a PowerShell script that takes a screenshot from the infected user’s PC and then executes a command to send that image to a remote server.

Second is an in-built error reporting function, which scans the downloader for problems, records them and sends that information back to the malware authors. This suggests that the attackers are trying to gather operational intelligence about their campaigns, in order to improve success rates.

Necurs made a reappearance on the malware scene in March this year, and activity levels have been increasing since then. Symantec says, ‘With the data showing a resurgence in activity, and the apparent efforts to collect operational intelligence, we can expect to see continued evolution of the capabilities and a steady increase in Necurs activity levels in the coming months.’

Symantec telemetry shows Necurs emails with script attachments have grown fourfold since June
