menu

Contact Us

1 (800) 723-1166 |

Necurs

HomeNecurs
HomeNecurs

New Year, New Look - Dridex via Compromised FTP

Forcepoint Security Labs have recently observed a peculiar email campaign distributing a variant of the Dridex banking trojan. The campaign used compromised FTP sites instead of the more usual HTTP link as download locations for malicious documents, exposing the credentials of the compromised FTP sites in the process.

Massive Email Campaign Spreads Scarab Ransomware

In a similar fashion to the Jaff ransomware, Forcepoint Security Labs have observed another piece of ransomware called “Scarab” being pushed by the infamous Necurs botnet. The massive email campaign started at approximately 07:30 UTC and is active as of 13:30 today, totalling over 12.5 million emails captured so far.

TrickBot spread by Necurs Botnet, Adds Nordic Countries to its Targets

At around 09:00 BST yesterday, Forcepoint Security Labs™ observed a significant malicious email campaign from the Necurs botnet. Necurs is a prevalent botnet that is known to spreading Locky ransomware, pump-and-dump stock scams, and more recently the Jaff ransomware. This time Necurs has been seen spreading the Trickbot banking Trojan, complete with an updated set of targets.