Necurs Botnet Now Distributing Marap Malware

August 23, 2018

The Necurs botnet is being used to send huge quantities of spam emails carrying Marap malware. Marap is currently being used for reconnaissance and for learning about victims. The aim appears to be to build a network of infected users that can be targeted in future attacks.
The malware generates a unique fingerprint for each infected device, contacts its C2 server, and sends information about the victim's system to the attackers, including username, operating system, language, country, IP address, domain name, hostname, installed anti-virus software, and details of Microsoft Outlook OST files.
The malware has some basic anti-analysis features: it can detect when it has been installed on a virtual machine and includes measures to hinder debugging and sandboxing.
Marap malware is modular and can easily be updated with additional modules post-infection to provide increased functionality. It serves as a malware dropper that can be used to deliver many different payloads, although it is currently unclear what those payloads will be.
The malspam campaign was discovered by security researchers at Proofpoint, who say it involves millions of emails. Marap malware is delivered using a range of different email attachments, with Microsoft Excel Web Query (IQY) files preferred. The messages have IQY files as attachments, or the IQY files are embedded in PDF files and password-protected ZIP files. Standard Microsoft Word documents with malicious macros are also being sent.
The spam campaign uses a range of different email subjects and messages, including sales requests, important banking documents, invoices, and simple emails containing only malicious PDF files and ZIP file attachments.
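
For mail-gateway triage of the IQY delivery described above, the following is an added example, not code from Proofpoint or from this article. It flags .iqy attachments and .iqy members of ZIP attachments in a raw email and extracts the URL the web query would fetch. The sample message, file names and URL are constructed, and IQY files embedded in PDFs are not covered.

```python
import email
import io
import zipfile
from email.message import EmailMessage

def iqy_url(data):
    """Return the URL an IQY file tells Excel to fetch, or None if not IQY."""
    lines = [ln.strip() for ln in data.decode("utf-8", "replace").splitlines() if ln.strip()]
    # An IQY file is plain text: "WEB", a version line, then the query URL.
    return lines[2] if len(lines) >= 3 and lines[0].upper() == "WEB" else None

def scan_message(raw):
    """Return (attachment, zip_member, url) for every IQY file found in a raw email."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        body = part.get_payload(decode=True) or b""
        if name.lower().endswith(".iqy"):
            findings.append((name, None, iqy_url(body)))
        elif zipfile.is_zipfile(io.BytesIO(body)):
            with zipfile.ZipFile(io.BytesIO(body)) as zf:
                for info in zf.infolist():
                    if not info.filename.lower().endswith(".iqy"):
                        continue
                    # Member names stay readable in a password-protected ZIP;
                    # only the content is encrypted (flag bit 0), so no URL then.
                    locked = info.flag_bits & 0x1
                    url = None if locked else iqy_url(zf.read(info))
                    findings.append((name, info.filename, url))
    return findings

def build_sample():
    """Constructed test message: one bare .iqy and one .iqy inside a ZIP."""
    iqy = b"WEB\r\n1\r\nhttp://example.invalid/query\r\n"  # constructed URL
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.iqy", iqy)
    msg = EmailMessage()
    msg["Subject"] = "Request"
    msg.set_content("See attached.")
    msg.add_attachment(iqy, maintype="application", subtype="octet-stream", filename="order.iqy")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in scan_message(build_sample()):
        print(hit)
```
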
Proofpoint notes that there has been a surge in these flexible malware variants in recent months as threat actors move away from ransomware and 'noisy' malware that is easy to detect. Instead, downloaders such as Marap give attackers the flexibility to launch a variety of different attacks and to carry out reconnaissance to identify systems that merit a more significant compromise.

Stan Martin

Stan Martin is a journalist writing about all aspects of the healthcare sector. Stan's reporting spans a wide array of topics within healthcare, from medical advancements and health policy to patient care and the economic aspects of the healthcare industry. Stan has contributed hundreds of news articles to Healthcare IT Journal, demonstrating a commitment to delivering factual, comprehensive news.
