One of the most active Trojans this year has changed tactics and is now installing backdoors on target machines instead of ransomware. Nemucod was used in several large campaigns in 2016, reaching a 24 per cent share of global malware detections in March this year, according to the firm. In the past, Nemucod payloads were primarily ransomware families, most frequently Locky or the now-discontinued TeslaCrypt. It has now switched to serving up a backdoor. According to security researchers at ESET, the backdoor detected is Kovter. As a backdoor, this Trojan allows the attacker to control machines remotely without the victim’s consent or knowledge.
ORIGINAL SOURCE: SC Magazine