A single command-and-control server could be responsible for running a botnet that uses a number of different malware programs to infect users. It appears the cybercriminals are infecting as many machines as possible so that the botnet can be sold or rented to clients. The malware spreads via manipulated Word documents attached to emails.
Security firm G DATA found that a fake rail card invoice is one tactic criminals are using to help infect new victims. The attachment is not an actual rail card invoice, however: the malware it installs builds up a botnet, as criminals are able to remotely hijack infected PCs.
"The malware behaves like a matryoshka doll on the system," said Ralf Benzmuller, head of G DATA SecurityLabs. "It gradually reveals its potential and actual aim. We suspect that the infected systems are intended for use as zombie PCs in the Andromeda/Gamarue botnet."