January 11th 2019, By Tara Seals
The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions.
A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent and a downloader for a RAT called FlawedGrace.
According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote desktop functions and a second that primarily functions as a downloader. It’s named after the file names that are associated with the infection, and a sample from one campaign used command-and-control (C2) URIs containing “/rest/serv.php.”