Saturday, January 25, 2025
HomeMalwareLocky Ransomware Used Necurs Malware Again back To Form and Take a...

Locky Ransomware Used Necurs Malware Again back To Form and Take a Screenshot of Your Screen

Published on

SIEM as a Service

Follow Us on Google News

A Dangerous Necurs malware evolving again and spreading via new email campaign by Necurs bots or hacked web servers and mainly taking a screenshot of infected victims screen.

Necurs malware calls it as downloader or loader which infect the bootloader and download the second level of payloads like Ransomware or other persistent malware.

Recent days  Necurs Botnet mainly used to spreading a Locky Ransomware which is one of the dangerous ransomware in history that infected million of peoples around the World.

Necurs Malware also having an error reporting capability that will send back details of any errors that the downloader encounters when it tries to carry out its activities.

How Does Necurs Malware Works

Same as traditional invoice Social Engineering Email that contains a message urging the reader to open the attachment to check the invoice.

The email contains an attached .html file with embedded javascript and the javascript get executed then it will download a payload of Locky Ransomware.

Once it executes the Final Payload, it  will run a PowerShell script that takes a screenshot the Entire Screee and saves it with name as generalpd.jpg.
According to Symantec, This functionality is interesting because downloaders tend to just deliver a payload and then disappear as quickly as possible. When you consider the screen grab functionality together with the new error-reporting capability, it suggests that the Necurs attackers are actively trying to gather operational intelligence (OPINTEL) about the performance of their campaigns

Necurs Error Reporting capability helps an attacker to fix the Problem while Malware Performing in the Victims side and also helps to increase the success rate of attack same operating system Error reporting method that helps to fix the issue and build a better Product.

Symantec also provided a graphic with Necurs spam waves this year, confirming previous reports of increased activity in the past few months. Currently, the Necurs botnet is busy pushing the Locky ransomware and the TrickBot banking trojan.

Symantec Recommend users to follow the following Mitigations to secure from this Dangerous Malware.

  • Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
  • Always keep your security software up to date to protect yourself against any new variants of malware.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
  • Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control

Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc,...