Hackers are hosting 10 malware families on shared hosting infrastructure in the US and distributing them through mass phishing campaigns.
The cybercriminals are reported to reuse the same servers to host different malware families, which points to coordination by a common entity behind the malware operators.
The hosted malware families comprise five banking Trojans, two ransomware families and three information stealers, including well-known names such as Dridex, GandCrab, Neutrino and IcedID.
Bromium, a venture capital-backed startup working on virtualization technology, said after tracking the operation for almost a year: “Multiple malware families were staged on the same web servers and subsequently distributed through mass phishing campaigns.”
The servers hosting the malware are separate from the C2 servers, which suggests that one threat actor is responsible for email and hosting while another handles the malware operations.
The malware hosting servers run default installations of CentOS and Apache HTTP Server, and the payloads are compiled and hosted in less than 24 hours. All of the malware is delivered by phishing emails carrying macro-embedded malicious Word documents that contain links pointing to the malware hosting servers.
Bromium said, “63% of the campaigns delivered a weaponized Word document that was password protected, with a simple password in the message body of the email, such as ‘1234’ or ‘321’.”
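Password-protecting the document keeps mail-gateway scanners from opening it, while the password in the body keeps the lure usable. The two signals together are easy to triage for: an Office attachment that is an encrypted container, plus a short password hint in the message text. The script below is an added illustration of that check, not Bromium's code or part of the original report. It assumes the email is available as raw RFC 822 bytes, uses the fact that a password-protected Office document is an OLE compound file containing a stream named "EncryptedPackage", and the sample message and attachment bytes are constructed, not a real capture.

```python
"""Triage an email for the lure pattern: encrypted Office attachment plus a weak
password stated in the body. Added example; the sample message is constructed."""
import re
from email import message_from_bytes
from email.message import EmailMessage

# OLE compound file magic (header of .doc and of password-protected .docx/.xlsx).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# A password-protected OOXML document is wrapped in an OLE container whose
# directory holds a stream named "EncryptedPackage"; names are stored UTF-16LE.
ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")
OFFICE_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm")

# "password is 1234", "Password: 321", "passcode = abc12" (1-8 alphanumerics).
PASSWORD_HINT = re.compile(
    r"(?<![A-Za-z0-9])pass(?:word|code)\s*(?:is|:|=)\s*['\"\u201c\u2018]?([A-Za-z0-9]{1,8})\b",
    re.IGNORECASE,
)


def is_encrypted_office(blob: bytes) -> bool:
    """True if the attachment is an OLE container that carries an encrypted package."""
    return blob.startswith(OLE_MAGIC) and ENCRYPTED_STREAM in blob


def find_password_hint(body: str):
    """Return the password quoted in the body, or None if there is no hint."""
    m = PASSWORD_HINT.search(body)
    return m.group(1) if m else None


def is_weak(pw: str) -> bool:
    """Trivial passwords of the '1234' / '321' kind: all digits or at most 4 chars."""
    return pw.isdigit() or len(pw) <= 4


def triage(raw: bytes) -> dict:
    """Walk the MIME tree, collect encrypted Office attachments and body hints."""
    msg = message_from_bytes(raw)
    body = ""
    result = {"encrypted_office_attachments": [], "password_hint": None,
              "weak_password": False, "verdict": "clean"}
    for part in msg.walk():
        fname = part.get_filename()
        if part.get_content_type() == "text/plain" and not fname:
            body += part.get_payload(decode=True).decode("utf-8", "replace")
        elif fname and fname.lower().endswith(OFFICE_EXT):
            if is_encrypted_office(part.get_payload(decode=True)):
                result["encrypted_office_attachments"].append(fname)
    hint = find_password_hint(body)
    result["password_hint"] = hint
    result["weak_password"] = bool(hint) and is_weak(hint)
    if result["encrypted_office_attachments"] and hint:
        result["verdict"] = "high"      # encrypted doc + password in body: the lure pattern
    elif result["encrypted_office_attachments"]:
        result["verdict"] = "medium"    # encrypted doc, password delivered elsewhere
    elif hint:
        result["verdict"] = "low"       # password talk without an encrypted attachment
    return result


def build_sample() -> bytes:
    """Constructed phishing-style message; the attachment is a stand-in, not a real .doc."""
    msg = EmailMessage()
    msg["From"] = "invoices@sender.invalid"
    msg["To"] = "ap@recipient.invalid"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please find the invoice attached. The password is 1234.\n")
    # OLE header, padding in place of the real structures, then the directory name.
    fake_doc = OLE_MAGIC + b"\x00" * 504 + ENCRYPTED_STREAM + b"\x00" * 32
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="invoice_4471.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

On a real gateway the same two signals would be fed to a rule engine rather than printed; the point is that the combination (encrypted Office container and a password in the body) is far more specific than either signal alone, and that legitimate password-protected documents normally ship the password out of band.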
Although strict measures are being taken to anticipate further incidents like this one, a recent IBM report states that the major cybercrime groups are engaged in 'explicit collaboration' and continue to exchange their content, strategies and systems in order to bypass security controls and evade law enforcement agencies with ease.