Malwarebytes researchers spotted an uptick in United States Postal Service (USPS) themed malspam delivering up to three different banking trojans.
The malware-laced emails are being distributed using various "subject" and "body" messages containing references to missing and/or late USPS parcels, according to an April 10 Malwarebytes blog post.
“This particular downloader, known by some as JS/Nemucod or simply JS/Downloader by others, is a well-known JavaScript downloader that is sent out via spam email,” the post said. “Historically this downloader will install 1 or 2 different malware families to infected machines, but the most recent campaign has upped that to 3 different malware families being installed post-detonation.”
In the most recent campaign the downloader has been spotted delivering Trojan.Nymaim, Trojan.Kovter, and Trojan.Boaxxe respectively.
Trojan.Nymaim provides attackers with remote access to infected machines granting them full use of the device; Trojan.Kovter is a fileless malware and has the ability to steal personal information, download additional malware, or grant attackers full use of the machine; and Trojan.Boaxxe has backdoor and stealing capabilities scans the PC for any trace of information deemed valuable by the creators and transmits this information to the attacker's server for use in further attacks.
