Monday, October 7, 2024
HomeMalwareLocky Ransomware Used Necurs Malware Again back To Form and Take a...

Locky Ransomware Used Necurs Malware Again back To Form and Take a Screenshot of Your Screen

Published on

A Dangerous Necurs malware evolving again and spreading via new email campaign by Necurs bots or hacked web servers and mainly taking a screenshot of infected victims screen.

Necurs malware calls it as downloader or loader which infect the bootloader and download the second level of payloads like Ransomware or other persistent malware.

Recent days  Necurs Botnet mainly used to spreading a Locky Ransomware which is one of the dangerous ransomware in history that infected million of peoples around the World.

- Advertisement - EHA

Necurs Malware also having an error reporting capability that will send back details of any errors that the downloader encounters when it tries to carry out its activities.

How Does Necurs Malware Works

Same as traditional invoice Social Engineering Email that contains a message urging the reader to open the attachment to check the invoice.

The email contains an attached .html file with embedded javascript and the javascript get executed then it will download a payload of Locky Ransomware.

Once it executes the Final Payload, it  will run a PowerShell script that takes a screenshot the Entire Screee and saves it with name as generalpd.jpg.
According to Symantec, This functionality is interesting because downloaders tend to just deliver a payload and then disappear as quickly as possible. When you consider the screen grab functionality together with the new error-reporting capability, it suggests that the Necurs attackers are actively trying to gather operational intelligence (OPINTEL) about the performance of their campaigns

Necurs Error Reporting capability helps an attacker to fix the Problem while Malware Performing in the Victims side and also helps to increase the success rate of attack same operating system Error reporting method that helps to fix the issue and build a better Product.

Symantec also provided a graphic with Necurs spam waves this year, confirming previous reports of increased activity in the past few months. Currently, the Necurs botnet is busy pushing the Locky ransomware and the TrickBot banking trojan.

Symantec Recommend users to follow the following Mitigations to secure from this Dangerous Malware.

  • Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
  • Always keep your security software up to date to protect yourself against any new variants of malware.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
  • Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

In a new campaign that is aimed at users who speak Russian, the modular...

LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...