Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign against approximately 2,700 banks on August 15. The campaign lasted for approximately eight hours and was designed to spread Remote Access Trojans (RAT).
As noted by several sources, one of the more interesting aspects of the campaign was that it appeared to only target actual bank employees, adding an element of true spear phishing. Typically, spear phishing campaigns are not part of Necurs’ modus operandi. The emails contained either a Microsoft Publisher file or PDF document that was weaponized with RAT malware capable of providing hackers complete access to the host.