New Malware Strain Gives Hackers Backdoor Access to Windows PCs


ZDNet reports there’s a new strain of ServHelper malware that’s making the rounds, targeting banks, businesses, and retailers. Security researchers detected the ServHelper malware back in November of 2017. What makes it distinctive is its two-pronged attack.

How Does ServHelper Work?

This malware gives hackers access to your data by providing a backdoor into your Windows computer. From there, the digital thieves can log keystrokes, take screenshots of your activity, and record your information to sell on the black market. ServHelper could also use your device to deploy its malware.

Furthermore, ServHelper is distributed through phishing emails. You might receive an email asking you to open a document relating to a bank transfer. Opening the attachment enables the macros ServHelper needs to operate on your system.

ServHelper is also effective because it deploys FlawedGrace.

What is FlawedGrace?

FlawedGrace is an effective piece of malware that grants its operators total control over an infected device. ZDNet states that FlawedGrace is unique in its multithreaded programming techniques, which make it more difficult for security programs to identify the malware as a threat.

Moreover, because ServHelper can download and deploy this malware, the tandem is that much more dangerous for banks, retailers, and businesses, which hackers are targeting for quick paydays and information gathering.

Lastly, one of the reasons ServHelper is so effective is the volume of phishing emails it sends: it can send tens of thousands of emails in one distribution. This increases the likelihood of at least a few people opening the attachments.

How Do I Prevent This Attack from Happening?

Common sense is the best route to take. If you receive an email from someone claiming to be your bank asking for account details, then you know it’s a fraud: banks don’t request personal information through email unless you’ve been speaking with someone previously, and they verified your credentials.

In addition, it’s important that your business share news of ransomware developments. This helps people understand how hackers are trying to access information and makes it easier for them to spot any phishing emails that might come in.
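Because the delivery described above relies on a document attachment with macros, a mail filter can flag macro-capable attachments before anyone opens them. The following is an added example, not code from ZDNet or any vendor; the function names and the sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def macro_capable(data: bytes) -> bool:
    """True if the bytes look like an Office file that can carry VBA macros."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats may embed macros; flag for review.
        return True
    if data.startswith(b"PK"):  # OOXML files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                # Macro-enabled OOXML files store their VBA in vbaProject.bin
                return any(n.lower().endswith("vbaproject.bin")
                           for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def flag_attachments(raw_message: bytes) -> list:
    """Return filenames of attachments that are macro-capable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if macro_capable(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def build_sample() -> bytes:
    """Constructed sample: one macro-enabled and one macro-free attachment."""
    def ooxml(names):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for n in names:
                z.writestr(n, b"constructed placeholder")
        return buf.getvalue()
    m = EmailMessage()
    m["Subject"] = "Bank transfer confirmation"
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m.set_content("Please see the attached document.")
    for name, parts in (("transfer.docm", ["word/vbaProject.bin"]),
                        ("notes.docx", ["word/document.xml"])):
        m.add_attachment(ooxml(parts), maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()
```

The check inspects file content rather than the extension, so a renamed macro-enabled document is still flagged.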

Meanwhile, if you or your company has been a victim of malware, trust the experts at Outsource Data Recover to find your files in a timely manner. We employ the foremost experts in the recovery field and have many resources available to make your recoveries securely. Contact us today to learn more.