Researchers at cybersecurity firm Proofpoint have discovered a new attack campaign by TA505, a notorious cybercrime group responsible for various major attacks in recent years, including the Locky ransomware campaign.
The campaign combines two types of malware, ServHelper and FlawedGrace. ServHelper is the newer of the two, having been discovered only in November of last year. It installs a backdoor on targeted machines running Windows, allowing threat actors to gain remote access. In addition, ServHelper downloads FlawedGrace onto compromised PCs. FlawedGrace is a powerful Remote Access Trojan that was first discovered in November of 2017.
Read more: https://www.zdnet.com/article/this-trojan-attack-adds-a-backdoor-to-your-windows-pc-to-steal-data/