TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

Userlevel 7
Badge +48

January 11th 2019, By Tara Seals

The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions.

A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace.

According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote desktop functions and a second that primarily functions as a downloader. It’s named after the file names that are associated with the infection; and, a sample from one campaign used command and control (C2) URIs containing “/rest/serv.php.”

Full Article.

0 replies

Be the first to reply!


    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings