Attackers have added another tool to their arsenal allowing them to screenshot desktops of infected victims.
The Necurs botnet had recently undergone a revival, spreading millions of malicious emails spreading the Locky ransomware along with the Trickbot banking Trojan.
Necurs can take screenshots and send them back to a remote server while also sending back information when the downloader has issues with performing functions on the machine. Researchers suggest that the attackers are actively attempting to gather “operational” intelligence about the performance of their campaigns.
Researchers warn users to ensure that their devices are up to date with the latest software.