19 Oct Necurs Botnet Dowloader Takes Screenshots of Infected Desktops
News last Wednesday reported the resurgence of the infamous Necurs downloader–a ransomware-spreading botnet. Symantec researchers have found that it can now take screenshots of the victim’s computer and send it to the hacker’s remote server.
The Necurs botnet, which is said to have around 5 million hacked devices under its command, is also responsible for sending millions of phishing emails to spread the Locky ransomware.
Researchers speculate that the attackers are actively collecting operation intelligence on the status of their email campaigns. They believe the screenshot reports will help them design much more efficient emails to increase the chances of successfully delivering malicious payload.
According to Symantec, the only way to protect one’s system against such attacks would be to install security software and initiate routine updates on computer OS and other applications. They also emphasized that users should be careful of unknown emails and avoid opening suspicious links.
Source: ZD Net