Dridex Banking Trojan Phishing Campaign Ties To Necurs

By   ISBuzz Team
Writer , Information Security Buzz | Jan 25, 2018 03:50 am PST

It’s being reported that the operators of the the venerable Necurs botnet appear to be up to their old tricks, including targeting victims with a variety of phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever as well as to generate profits via dating website referrals. Andy Norton, Director of Threat Intelligence at Lastline commented below.

Andy Norton, Director of Threat Intelligence at Lastline:

“The Necurs group is spam operation, they will distribute any payload that will pay them to. All phishing themes have to have some applicabilty and resonance with their targets in order to work, dating would be successful to those targets who have an interest in it. Dridex uses several clever evasion methods including creating a brand new version of itself everytime there is a reboot. Placing a layer of dynamic malware analysis between the user and the email gateway is the best method to minimise encounters with Necurs payload spam.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x