It’s being reported that the operators of the venerable Necurs botnet appear to be up to their old tricks, including targeting victims with a variety of phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever, as well as to generate profits via dating website referrals. Andy Norton, Director of Threat Intelligence at Lastline, commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“The Necurs group is a spam operation, they will distribute any payload that will pay them to. All phishing themes have to have some applicability and resonance with their targets in order to work, dating would be successful to those targets who have an interest in it. Dridex uses several clever evasion methods including creating a brand new version of itself every time there is a reboot. Placing a layer of dynamic malware analysis between the user and the email gateway is the best method to minimise encounters with Necurs payload spam.”