Bromium uncovers US-based malware distribution center


A recent investigation by virtualization company Bromium has discovered that US-based web servers were being used by cybercriminals to host and distribute banking trojans, information stealers and ransomware.

The firm analyzed its own threat data as well as public data between May 2018 and March 2019 to reveal that malicious threats were originating from web servers in Las Vegas, Nevada registered under the name PONYNET and hosted on BuyVM data centers.

BuyVM is owned by FranTech Solutions, a hosting provider that has previously been found to have links to far-right websites.

Bromium's team found at least ten types of malware that could be traced back to the servers, including Dridex, Gootkit, IcedID, Nymaim, Trickbot, Fareit, Neutrino, AZORult, GandCrab and Hermes.

Malware distribution

Further investigation of the emails and infected documents used in the campaigns revealed that they were all in English and targeted US companies. 42 percent of the infected documents claimed to be job applications or resumes, and an additional 21 percent posed as unpaid invoices.

The cybercriminals behind the malware attacks even used the same servers multiple times, either pairing first and second stage malware for the same campaign or hosting different campaigns on a weekly basis.

A Bromium spokesperson provided further insight on the discovery, saying:

“These findings demonstrate the enduring effectiveness of phishing to spread malware and infect enterprise systems. Phishing emails have become harder to spot, and hackers know they only need to get it right once. To defend against these threats, organizations must adopt layered cybersecurity defenses that utilize application isolation to contain malicious threats, while providing rich threat telemetry about the hacker’s intent. This allows employees to get on with their jobs without worrying about being the source of a breach, and leaves cybercriminals unable to deliver the goods.”

Anthony Spadafora
