Security experts have released a report linking new malware to the TA505 hacker group and identifying two lines of malicious programs that began to spread in 2018 through phishing emails. The two variants – the ServHelper backdoor and the FlawedGrace trojan, both of which give attackers remote access to the affected device – put a large number of users at serious risk.
According to the report, two phishing campaigns were launched at the end of 2018 targeting banks, restaurants and stores. The malicious e-mails contained MS Word or PDF documents that installed malware on the device when the victim opened them. The group behind the attack – TA505 – has been one of the most active cyber criminal organizations of the past few years, and was previously responsible for both the GlobeImposter and Locky ransomware. The group has now been observed shifting from crypto-ransomware to backdoor trojans and to malware that steals information.
The new malware family has been named ServHelper, and the first attack was recorded in November 2018. The final campaign was launched on December 13th, when the attackers distributed PDF documents containing malicious links.