Malware researchers discovered two new malware families distributed through phishing campaigns last year from the Necurs botnet: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT). The threat actor continues to target organisations in the financial and retail sectors, the researchers say, using Microsoft Word, Microsoft Publisher, and PDF files to install the malware on the victim computer host.
Commenting on the news is Maor Hizkiev, CTO and Co-founder at BitDam:
“FlawedGrace is an advanced attack, which is incredibly difficult to detect as it completely changes its exfiltration methods and running behaviour for each new campaign. This is a smart move on the part of the attacker as most security solutions still use detection engines that operate based on attacks they’ve already seen. This means new attacks go under the radar and produce the desired outcome, such as infecting a victim’s computer with malware.
Every computer today has Microsoft Office installed. This means it is relatively easy to penetrate an organisation by sending a seemingly trustworthy Office file, dupe the unsuspecting target into opening it and inadvertently triggering the attack.
The most effective way to protect against content-borne attacks – that are changing on a daily basis – is to adopt a proactive solution that identifies and stops new malicious emails and attachments at source rather than basing its detection mechanism on past attacks.