Researchers have discovered a new phishing campaign targeting worldwide banks using Necurs Botnet
Researchers have discovered a new phishing campaign targeting banks worldwide using the Necurs botnet. Attackers are sending targeted phishing emails that carry malicious .PUB (Microsoft Publisher) files. Cofense researchers first spotted the campaign on August 15, and 3,701 bank domains had already been hit.

“Today at 7:30 am EST we noticed a new file extension attached to its phishing campaigns: .PUB, which belongs to Microsoft Publisher. Like Word and Excel, Publisher has the ability to embed macros. The other eyebrow-raising moment is when it was observed that all of the recipients worked for banks. There were no free mail providers in this campaign, signaling clear intent by the attackers to infiltrate banks specifically.”

The phishing email is sent with a subject line of “Request BOI” or “Payment Advice” and appears to come from someone in India. The attached .PUB file carries an embedded macro; when executed, the macro reads the URL stored in the UserForm1.Frame1.tag object and downloads the next stage from that remote host.

The final payload of the campaign is the FlawedAmmyy remote access trojan, which is based on the leaked source code of Ammyy Admin. The trojan gives the attacker full control of the infected system, which can lead to file and credential theft. Researchers also observed phishing emails in the same campaign with malicious PDF files as the attachment.

“Again, as this campaign is evolving more than 2,700 bank domains have been target recipients. The banks range from small regional banks all the way up to the largest financial institutions in the world. We have not yet determined the actor(s) behind this specific campaign or the final goal. Cofense will continue to monitor the campaign for additional developments,” the researchers said in their blog post. For more detail, see the post published by Cofense researchers.
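A mail-gateway triage check for the lure described above, as an added example (not Cofense's tooling or code from the article): it parses a raw message with the Python standard library and flags attachments that carry the .PUB extension or start with the OLE2 compound-file header that Publisher documents share with legacy Word and Excel files, the container format that can embed VBA macros. The sample message, addresses and filename are constructed for the example; the subject strings mirror the ones reported.

```python
import email
from email import policy
from email.message import EmailMessage

# OLE2 / Compound File Binary header, shared by .pub, .doc, .xls and similar.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
SUSPICIOUS_EXT = (".pub",)
# Subject lines reported for this campaign (lower-cased for matching).
REPORTED_SUBJECTS = ("request boi", "payment advice")


def triage(raw: bytes) -> dict:
    """Return what a gateway rule would log for one inbound message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.endswith(SUSPICIOUS_EXT):
            reasons.append("publisher-extension")
        if data.startswith(OLE_MAGIC):
            reasons.append("ole2-container")  # format that can embed macros
        if reasons:
            findings.append({"filename": name, "reasons": reasons})
    subject = (msg["subject"] or "").lower()
    return {
        "subject_match": any(s in subject for s in REPORTED_SUBJECTS),
        "flagged_attachments": findings,
        "quarantine": bool(findings),
    }


def sample_message() -> bytes:
    """Constructed sample resembling the reported lure (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"   # constructed sender
    msg["To"] = "treasury@bank.example"        # constructed recipient
    msg["Subject"] = "Payment Advice"
    msg.set_content("Please find the attached advice.")
    # OLE2 header plus filler stands in for a real Publisher document.
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="octet-stream", filename="advice.pub")
    return msg.as_bytes()
```

The extension check alone is weak (a renamed file evades it), so the OLE2 header check is what makes the rule useful against disguised Publisher attachments.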