Tuesday, April 29, 2025

Hackers Used US-based Web Servers to Distribute 10 Malware Families Via Weaponized Word Documents


Hackers used hosting infrastructure in the United States to host 10 malware families and distributed them through mass phishing campaigns.

The hosted malware families include five banking Trojans, two ransomware and three information stealer malware families. The malware includes familiar ones such as Dridex, GandCrab, Neutrino, IcedID, and others.


Bromium has tracked the operations closely for a year and says, “Multiple malware families were staged on the same web servers and subsequently distributed through mass phishing campaigns.”

Cybercriminals reuse the same servers to host different malware, which indicates collaboration or a common entity among the malware operators.

The malware families are hosted on the same servers but use separate C2 servers, which indicates that one threat actor is responsible for email and hosting and another for malware operations.

Malware Families & Campaigns

Attackers distribute the malware through phishing campaigns that deliver malicious Word documents and use social engineering tricks to lure victims into executing the embedded VBA macro.

According to Bromium, “the malware identified primarily targets an anglophone audience because all the phishing emails and documents we examined from campaigns linked to the hosting infrastructure were written in English.”

The malware-hosting servers run default installations of CentOS and Apache HTTP Server, and the payloads are compiled and hosted in less than 24 hours.

All of the malware is distributed through phishing emails that carry malicious Word documents with embedded macros, which contain links pointing to the malware-hosting servers.

Malware Families

“63% of the campaigns delivered a weaponized Word document that was password protected, with a simple password in the message body of the email, such as ‘1234’ or ‘321’,” Bromium said.
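The delivery pattern Bromium describes, a protected Word document plus a short numeric password in the message body, can be turned into a mail-triage check. The following is an added example, not code from Bromium or from this article; it covers only the encrypted OOXML container (an OLE2 file with an `EncryptedPackage` stream), the password regex is an assumed heuristic, and the sample messages and attachment bytes are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # OLE2 compound file signature
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name in an encrypted OOXML container
# Assumed heuristic: "pass"/"password"/"passcode" followed on the same line by 3-6 digits.
HINT = re.compile(r"pass(?:word|code)?\b[^\n]{0,40}?\b(\d{3,6})\b", re.I)

def is_encrypted_ooxml(data: bytes) -> bool:
    """True when the bytes look like a password-protected OOXML document."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data

def triage(raw: bytes) -> dict:
    """Flag a message that pairs an encrypted attachment with a password in the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    hint = HINT.search(text)
    encrypted = [part.get_filename() for part in msg.iter_attachments()
                 if is_encrypted_ooxml(part.get_payload(decode=True) or b"")]
    return {"encrypted_attachments": encrypted,
            "password_hint": hint.group(1) if hint else None,
            "flag": bool(encrypted and hint)}

def build_sample(body_text: str, blob: bytes, name: str = "invoice.doc") -> bytes:
    """Build a constructed test message; addresses and file name are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content(body_text)
    m.add_attachment(blob, maintype="application",
                     subtype="octet-stream", filename=name)
    return m.as_bytes()

# Constructed byte strings that only mimic the markers; not real documents.
FAKE_ENCRYPTED = OLE_MAGIC + b"\x00" * 64 + ENC_STREAM + b"\x00" * 64
FAKE_PLAIN = b"PK\x03\x04" + b"\x00" * 64   # ordinary (unencrypted) OOXML is a ZIP

if __name__ == "__main__":
    print(triage(build_sample("See attached. Password: 1234\n", FAKE_ENCRYPTED)))
    print(triage(build_sample("Quarterly report attached.\n", FAKE_PLAIN)))
```

Legitimate senders also mail protected documents, so a hit is a reason to route the attachment to sandbox analysis or quarantine rather than a verdict.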

A recent report from IBM states that the major cybercrime groups are connected in explicit collaboration and continue to exchange their scripts, tactics, and techniques to bypass security measures and evade law enforcement agencies.

You can find the IOCs in the Bromium report.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
