Security researchers at Bromium recently discovered over a dozen US-based servers being used to host and distribute 10 different strains of malware through large-scale phishing campaigns.

The servers under scrutiny are owned and operated by FranTech Solutions, a hosting provider that uses a data center in Nevada. The malware hosted on these servers spans five families of banking trojans, among them Dridex and IcedID, two families of ransomware, and three information stealers.

Researchers believe two threat actors are at play here: one responsible for email and hosting, the other for operating the malware. The phishing campaign uses common social engineering tactics to trick recipients into running malicious VBA macros in an attached Word document, resulting in a covert malware download.

Bromium believes the US was chosen to host this attack, instead of a country more tolerant of malicious online activity, in order to achieve a higher success rate against the mainly US-based targets, noting: "The HTTP connections to download the malware from the web servers are more likely to succeed inside organizations that block traffic to and from countries that fall outside of their typical profile of network traffic."
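The quoted reasoning can be checked with a small defensive example, added here and not part of the Bromium report or any NNT product: a geo-based egress filter alone lets a download from a US-hosted server through, while a behavioural rule on Office-spawned downloads still catches it. The country allowlist, process names and log events are assumed and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy (assumption): the organisation only expects traffic to US
# destinations, mirroring the "typical profile of network traffic" in the quote.
ALLOWED_COUNTRIES = {"US"}
OFFICE_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}


@dataclass
class Egress:
    """One outbound HTTP connection as a proxy or EDR sensor might record it."""
    process: str       # process that opened the connection
    parent: str        # parent process of that process
    dst_country: str   # geolocation of the destination address
    url: str


def geo_blocks(ev: Egress) -> bool:
    """Geo-based egress filtering alone: blocks only destinations outside the profile."""
    return ev.dst_country not in ALLOWED_COUNTRIES


def office_download(ev: Egress) -> bool:
    """Behavioural rule: an Office app, or a script host it launched, fetching over HTTP."""
    return ev.process in OFFICE_APPS or (
        ev.parent in OFFICE_APPS and ev.process in SCRIPT_HOSTS
    )


def verdict(ev: Egress) -> list[str]:
    """Names of the controls that would stop this connection (empty list = allowed)."""
    hits = []
    if geo_blocks(ev):
        hits.append("geo-filter")
    if office_download(ev):
        hits.append("office-spawned-download")
    return hits


# Constructed events: a macro-launched download from a US host, the same download
# from a non-US host, and an ordinary browser request to a US site.
SAMPLE_EVENTS = [
    Egress("powershell.exe", "winword.exe", "US", "http://us-host.invalid/payload.bin"),
    Egress("powershell.exe", "winword.exe", "RU", "http://other-host.invalid/payload.bin"),
    Egress("chrome.exe", "explorer.exe", "US", "https://example.com/"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.process:<15} {ev.dst_country} -> {verdict(ev) or 'allowed'}")
```

The first event is the case the article describes: the geo filter passes it, and only the parent-process rule stops it.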

It's imperative that organizations have proper malware detection protections in place to protect critical assets from known threats and zero-day attacks. NNT Change Tracker Gen7 R2 provides continuous protection and deep visibility into system changes, identifying ransomware and other types of dangerous malware before they can carry out an attack.


Copyright 2024, New Net Technologies LLC. All rights reserved. 