Necurs Botnet Pushing New Marap Malware


A botnet is an example of good technology used with bad intentions. A botnet is nothing more than a string of connected computers coordinated together to perform a task. That can be maintaining a chatroom, or it can be taking control of your computer. Botnets are just one of the many perils out there on the Internet. Here’s how they work and how you can protect yourself.

 

Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include:

 

  • Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
  • Emailing spam out to millions of Internet users.
  • Generating fake Internet traffic on a third-party website for financial gain.
  • Replacing banner ads in your web browser with ones specifically targeted at you.
  • Displaying pop-up ads designed to get you to pay for the removal of the botnet through a phony anti-spyware package.

 

The short answer is that a botnet is hijacking your computer to do what botnets do — carry out mundane tasks — faster and better.

 


 

 

Necurs Botnet Pushing New Marap Malware

Security researchers from Proofpoint have discovered a new malware strain that they named Marap and which is currently distributed via massive waves of spam emails carrying malicious attachments (malspam).

The malware is not a banking trojan, a remote access trojan (RAT), or ransomware, but a malware downloader (also referred to as a malware loader or malware dropper).

Marap is a slim malware strain that infects victims, fingerprints their systems, and sends this information back to a central command & control (C&C) server.

 

 


 

 

Marap distributed via Necurs-like spam campaigns

Currently, the malware is in a build-up stage, in which malspam campaigns are being used to build a base of infected users.

Proofpoint says these malspam campaigns “shared many features with previous campaigns attributed to the TA505 actor.”

The TA505 actor is Proofpoint’s internal name for Necurs, the world’s largest spam botnet, which in recent years has been behind campaigns distributing some of the most widespread malware threats, such as the Dridex banking trojan, and the Locky and Jaff ransomware families.

This massive botnet has been relatively quiet since the start of the year, being involved in many low-volume malspam campaigns, and only recently began returning to larger distribution pushes.

 

 


 

 

Marap downloader still in its infancy

As for the malspam campaigns pushing the new Marap downloader, Proofpoint says it’s seen various versions. Researchers have seen campaigns leveraging .IQY files, PDF documents with embedded IQY files, password-protected ZIP archives, and the classic Word docs with embedded macros.
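
The attachment types listed above can be screened for at the mail gateway. The following Python is an added example, not code from Proofpoint or from the original article: it flags .IQY web queries (and reports the URL they would fetch), PDFs carrying embedded files, password-protected ZIP members, and Office documents that contain a VBA project. The function names, finding strings and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

def iqy_url(data: bytes):
    """Return the URL an Excel web query (.iqy) file would fetch, or None."""
    lines = [ln.strip() for ln in data.decode("latin-1").splitlines() if ln.strip()]
    if not lines or lines[0].upper() != "WEB":
        return None
    return next((ln for ln in lines[1:] if ln.lower().startswith(("http://", "https://"))), None)

def triage(name: str, data: bytes):
    """Return findings for one attachment, covering the lure types listed above."""
    findings = []
    if name.lower().endswith(".iqy"):
        findings.append(f"iqy web query -> {iqy_url(data)}")
    if data.startswith(b"%PDF") and b"/EmbeddedFile" in data:  # heuristic only
        findings.append("pdf with embedded file")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = info.filename.lower()
                if info.flag_bits & 0x1:  # general-purpose bit 0: encrypted member
                    findings.append(f"password-protected zip member {info.filename}")
                elif member.endswith(".iqy"):
                    findings.append(f"zipped iqy -> {iqy_url(zf.read(info))}")
                elif member.endswith("vbaproject.bin"):  # OOXML macro storage
                    findings.append("office document with VBA macros")
    return findings

def triage_message(raw: bytes):
    """Map attachment filename -> findings for each flagged attachment."""
    flagged = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        hits = triage(name, part.get_payload(decode=True) or b"") if name else []
        if hits:
            flagged[name] = hits
    return flagged

def build_sample() -> bytes:  # constructed message, not a captured sample
    msg, buf = EmailMessage(), io.BytesIO()
    kw = {"maintype": "application", "subtype": "octet-stream"}
    msg.set_content("See attached.")
    msg.add_attachment(b"WEB\r\n1\r\nhttp://example.invalid/q\r\n", filename="request.iqy", **kw)
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"\x00")  # stand-in for macro storage
    msg.add_attachment(buf.getvalue(), filename="invoice.docm", **kw)
    return msg.as_bytes()
```

Calling `triage_message(build_sample())` returns findings for both constructed attachments. Legacy OLE `.doc` macros and embedded files inside compressed PDF object streams need a format-specific parser and are not covered here.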

As for Marap itself, researchers also said the malware contains basic features to detect virtual machines used for malware analysis, but they don’t appear as complicated as other techniques used by more established trojans.

Marap’s emergence is no surprise. In the past year, as ransomware distribution has died down, malicious threat actors have returned to distributing banking trojans or have shifted to distributing cryptocurrency mining trojans or malware downloaders.

 

 
