Security researchers at Bromium recently discovered over a dozen US-based servers being used to host and distribute 10 different strains of malware through large-scale phishing campaigns.

The servers under scrutiny are owned and operated by FranTech Solutions, a hosting provider that uses a data center out of Nevada. The malware hosted on these servers includes five families of banking trojans (among them Dridex and IcedID), two families of ransomware, and three information stealers.

Researchers believe there are two threat actors at play here - one responsible for email and hosting, and others in charge of operating the malware. The phishing campaign uses common social engineering tactics to trick recipients into running malicious VBA macros in an attached Word document, resulting in a covert malware download.

Bromium believes that the US was chosen for this attack, instead of a country more tolerant of malicious online activity, in an effort to enable a higher success rate with the mainly US-based targets, claiming, "The HTTP connections to download the malware from the web servers are more likely to succeed inside organizations that block traffic to and from countries that fall outside of their typical profile of network traffic."

It's imperative that organizations have proper malware detection protections in place to protect critical assets from known threats and zero-day attacks. NNT Change Tracker Gen72 provides continuous protection and deep visibility into system changes, identifying ransomware and other types of dangerous malware before they can carry out an attack.

Copyright 2021, New Net Technologies LLC. All rights reserved. 