TA505 cyber-criminal gang delivers AndroMut, a new downloader malware
An extremely successful global cyber-criminal gang recently changed its tactics and is now spreading a new type of malicious program in an attack campaign that targets employees of financial services firms and banks in the USA, Singapore and the United Arab Emirates.
The gang, called TA505, has been tracked by security researchers at Proofpoint, who found it deploying a new downloader malware named "AndroMut." The researchers state that the malware was developed as recently as June 2019. The new malicious code has a number of similarities with TA505's past malicious program called Andromeda. AndroMut's chief downloadable payload is "FlawedAmmy," a robust remote access trojan that has been actively deployed for more than three years. www.technadu.com posted this, July 3, 2019.
The threat actor syndicate TA505 first appeared in 2014, after which it evolved into a highly prolific cyber-criminal gang, spreading remote access trojans, banking Trojans, and information stealers to victims worldwide.
Generally, TA505's attack scheme starts with an e-mail that contains a malicious HTML/HTM attachment. Macros inside the Microsoft .xls or .doc file run an Msiexec command once the file is opened, which pulls down and installs either the AndroMut or the FlawedAmmy malicious program. If AndroMut is pulled down in the first phase, FlawedAmmy follows in the second phase. In the English-language version of the attack scheme, the e-mail's sender is given one of three names: Rejeesh Aj, Ong Kai Chin, or Mir Imran Medhi. The attachments and caption in the e-mail pertain to cheques or invoices. www.technadu.com posted this, July 3, 2019.
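The macro-to-Msiexec step described above is a natural detection point. The following is an added example, not code from Proofpoint or the original article: it flags process-creation events where Word or Excel starts msiexec.exe with a remote package source, generalized to cover both http(s) URLs and UNC paths. The event field names and all sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Office applications that host the macro-bearing Word and Excel files.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}
# A remote package source: an http(s) URL or a UNC path on the command line.
REMOTE_SOURCE = re.compile(
    r"(https?://[^\s\"']+|\\\\[^\s\"'\\]+\\[^\s\"']+)", re.IGNORECASE)


def find_office_msiexec(events):
    """Return (host, parent, remote_source) for every msiexec.exe that was
    started by an Office process with a remote package source."""
    hits = []
    for ev in events:
        child = basename(ev.get("image", "")).lower()
        parent = basename(ev.get("parent_image", "")).lower()
        if child != "msiexec.exe" or parent not in OFFICE_PARENTS:
            continue
        match = REMOTE_SOURCE.search(ev.get("command_line", ""))
        if match:  # locally sourced installs are not flagged
            hits.append((ev.get("host", "?"), parent, match.group(1)))
    return hits


# Constructed sample events (hypothetical field names, not real incident data).
SAMPLE_EVENTS = [
    {"host": "WS-014",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": "msiexec.exe /i http://download.example.invalid/pkg.msi /q"},
    {"host": "WS-020", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'msiexec.exe /i "C:\Users\a\Downloads\setup.msi"'},
    {"host": "WS-031",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r"msiexec /i C:\Temp\local.msi /qn"},
    {"host": "WS-044",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\SysWOW64\msiexec.exe",
     "command_line": r"msiexec /q /i \\fileshare.example.invalid\pub\a.msi"},
]

if __name__ == "__main__":
    for host, parent, src in find_office_msiexec(SAMPLE_EVENTS):
        print(f"{host}: {parent} -> msiexec.exe fetching {src}")
```
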
A primary shift in TA505's tactics is evident in its move from the ransomware and banking Trojans it employed earlier to disseminating downloaders and RATs within far more targeted campaigns. According to Chris Dawson, threat intelligence leader at Proofpoint, the gang is basically focused on higher-quality infections capable of long-run monetization. TA505 certainly goes after the money, adjusting to worldwide trends while trying its hand at new payloads and geographies to get maximum returns, Dawson adds.
» SPAMfighter News - 7/12/2019