Hacking groups have switched attacks from ransomware to trojan malware, reports say

A prolific hacking group has returned with a new campaign which looks to deliver a new Remote Access Trojan (RAT) to victims in order to create a backdoor into PCs to steal credentials and banking information.

The campaign is suspected to be the work of TA505, a well-resourced hacking group which has been active since at least 2014.

The group has launched some of the largest cyber-attack campaigns of recent years, with victims targeted with the Dridex banking trojan, Locky ransomware, Jaff ransomware and more.

Read also: Newly found frozen ‘super-Earth’ capable of harbouring human life, scientists say

Many of these campaigns have been launched with the aid of the Necurs botnet, one of the largest spam generators used by cyber criminals.

Now TA505 is running a new campaign, which has been detailed by researchers at security company Proofpoint.

In line with a change of focus by other cybercriminal groups, TA505 has shifted away from ransomware and banking trojans and now appears to focus on RATs — including one which has only recently appeared and had only been used twice before. In both previous cases, the attackers remain unidentified.

Join the conversation

Opinions

Support Ripples Nigeria, hold up solutions journalism

Balanced, fearless journalism driven by data comes at huge financial costs.

As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.

If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.

Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.

Donate Now