June 13, 2016
Security researchers from SophosLabs have detected Vawtrack v2 in a series of attacks that targeted banks in countries where the trojan hadn’t previously been active.
Vawtrack, also known as Snifula or NeverQuest, is one of today’s most popular banking trojans, ranked fourth in 2015, according to Symantec. The trojan is available as a rentable service on the Dark Web in the form of a Malware-as-a-Service offering. Many different criminal groups rent Vawtrack, and each distributes it via its own methods.
In a report released last week, SophosLabs revealed it detected a new campaign using spam email claiming to be shipping deliveries. These emails contained boobytrapped Word documents that asked the user to enable macros.