Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet.
On Thursday, researchers from Bromium said they have monitored scams connected to this infrastructure during the May 2018 to March 2019 time period.
Five families of banking Trojans — Dridex, Gootkit, IcedID, Nymaim, and Trickbot — two ransomware variants, Gandcrab and Hermes, as well as three information stealers, Fareit, Neutrino, and Azorult, were all found on the servers.
It is unusual for such malware to be found on infrastructure hosted in the US, given the country’s law enforcement agencies are generally quick off the mark to seize and take down malicious infrastructure when informed of its existence.
Read more…
Source: ZDNet