TA505 debuts Get2 downloader & SDBbot RAT in new phishing campaigns

The cybercriminal group TA505 has developed a new downloader tool and remote access trojan (RAT), both of which were observed in a sequence of phishing campaigns that began this past September.


The downloader, named Get2, has been used in campaigns to deliver a variety of secondary payloads, including the FlawedGrace and FlawedAmmyy RATs and Snatch ransomware. A fourth payload is a new RAT dubbed SDBbot, whose command-based capabilities include remote desktop access; file system access; downloading, injecting and loading attacker-controlled files; capturing video and screenshots; reading, writing and deleting files; and retrieving driver information and directory listings.


Researchers at Proofpoint discovered the new pair of malware programs, describing them and their associated campaigns in a company blog post today. Proofpoint has extensively tracked the TA505 group, which historically is best known for targeting victims with the Dridex banking trojan and Locky ransomware.


The first campaign, which commenced Sept. 9, focused on financial institutions in Greece, Singapore, the United Arab Emirates, Georgia, Sweden, Lithuania and other countries. The attackers spammed their targets with tens of thousands of emails featuring m ..