Attackers have added another tool to their arsenal allowing them to screenshot desktops of infected victims.
The Necurs botnet had recently undergone a revival, spreading millions of malicious emails spreading the Locky ransomware along with the Trickbot banking Trojan.
Necurs can take screenshots and send them back to a remote server while also sending back information when the downloader has issues with performing functions on the machine. Researchers suggest that the attackers are actively attempting to gather “operational” intelligence about the performance of their campaigns.
Researchers warn users to ensure that their devices are up to date with the latest software.
Our Counterintelligence Team gathers information and conducts operations to identify threats to an organization so that they can better protect against malicious activity. We accomplish this by combining advanced technology with skilled and experienced intelligence specialists. Our goal is to protect your data, your brand and your people.