The notorious cybercriminal group TA505 has fundamentally changed its tactics in recent campaigns, Proofpoint recently discovered. While TA505 is known for distributing Trojans, information stealers, ransomware and other malware in large-scale campaigns, it has now shifted toward more targeted phishing attacks.
The hacking group also began using a new malware strain known as AndroMut, which functions as a downloader for the powerful FlawedAmmyy remote access Trojan (RAT). According to Chris Dawson of Proofpoint, the shift in tactics means that TA505 “is going after higher quality infections with the potential for longer-term monetization – quality over quantity.”
Read more: This hacking gang just switched its malware attacks to a new target