Necurs Botnet Is Now Targeting Banks Using .PUB File
Banks always remain a tempting target for hackers because that’s where the profit is. Recently Necurs Botnet campaign is spotted targeting banking industry. The Necurs Botnet use millions of hacked computer network and it is one of the biggest spamming operation detected till now. As revealed by a latest security report, the attackers behind this campaign are utilizing .PUB files which is actually a Microsoft publisher document. It is a major threat not only for the bank but its users too. Expert also suspect that this spam campaign can also be used by hackers in future because it has already done so much damage in its initial outbreak.
Necurs Botnet : How Does It Works And Used By Hackers
Necurs Botnet always delivers a trojan and like its previous attack this time it use .PUB File. According to reports this virus establish a constant connection between the server which is controlled by hackers and the infected host. This allow the cyber criminals to spy on the activities of victim in real time. As a consequence they become enable to take control over the targeted system and deploy other malware. Using this harvesting module cyber criminals can gather two kind of information:
- Personal data : Personal data is collected about users in order to expose their identity. In this module hackers can collect information like location , IP address, name, phone number, crucial password, interest and more.
- About system : In this module cyber hackers extract such information which help them to make the attack more effective. This module include information such as hardware component installed on system, some operating system values, user set option etc.
Trojan dropped by Necurs Botnet is also capable to modify Windows registry. If a trojan modify registry entry then it may disturb the normal functioning of the installed software as well as the complete operating system. Using this capability the con artist will change boot option too which allow the threat to start automatically. In addition it also the access of boot recovery menu which block manual removal option too.
How Necurs Botnet Utilize .PUB File In The Attack?
The main reason why hackers go with Necurs Botnet for this attack is it use peer to peer connection and Domain generation algorithms (DGA’s). For network administrator it is hard to block these type of infiltrating technique. These tricks are also used in spreading some infamous ransomware and banking trojan. In this campaign cyber criminals utilize phishing email messages to fulfill their evil intention. The targeted user will get a phishing email and contains .PUB File. The email message is designed so that it appear to be legitimate message send from Indian origin. If the user open that attachment, malicious macros will be activated in the system which download malware from remote website.
According to security researchers, the best way to prevent these attack is following security measures. If user don’t open such phishing email attachment they can protect their system by involving in such attacks.