The Necurs Botnet Launches A New Attack Against The Stock Market

The Necurs botnet which is currently the largest in the world has been found to attack the stock market in an attempt of manipulation.

Loading… Update!
The Necurs botnet has launched a new campaign to distribute the Locky ransomware virus. More infections of the notorious ransomware family are to be expected. It’s yet unknown if the scammers have created new variants of the virus.

The Necurs Botnet Strikes Again

The criminal operators of the infamous Necurs botnet have once again prepared to launch a devastating attack against a single target. This time it is the international stock market networks which can result in significant financial gain if a hacker-controlled manipulation is performed. The discovery was made by a team of one of the foremost threat intelligence experts who have been studying the botnet carefully. They have been alerted of the dangerous circumstances after a period of several weeks of inactivity.

The Necurs botnet was found to send out bulk e-mail messages from hacker or hacker-controlled email inboxes and servers in a similar way to ransomware and other types of viruses. This time however the body of the messages did not contain any links or direct attachments with malicious code. The email campaign was involved in a highly efficient and frequent sending of predefined messages that contain a counterfeit stock information alert about a specific stock ticker – $INCT which belongs to a mobile application development company called Incapta Inc. The alert reads that the stock is going to be bought by DJI, one of the famous drone vendors, for a price of 1.37 US Dollars per share based on an unofficial tip issued by a Manhattan company. The goal of the message is to entice the potential victims by advertising potential “revolution” in the drone industry due to the merge. Such social engineering techniques can result in the following types of damage:

  1. False Information – If the false message reads a large enough group of people they may spread it further which can lead to deliberate information crafting that can disrupt their stock market, reputation and user expectations.
  2. Misleading Of Users – The stock market depends on such rumors to weigh some of the riskier investments and as DJI is one of prominent vendors of drone this can lead to consequences for the company in terms of competitor response.
  3. False Idea Propagation – The message reads that the company aims to create a new series of devices which can be dispatched independently to regions where a risk has been detected – crime scene, fire and other types of emergencies.
  4. False Expectations & Pressure – The users are pressured by the emails to make the necessary action.

The messages read that the potential buyout is supposed to be announced on March 28 and the senders recommend that the targets purchase the relevant stock prices as soon as possible before they fluctuate. This behavior has been identified to be similar to a large-scale spam wave detected in December 2016. In the messages that were being distributed then the hackers crafted similar counterfeit emails that urged the recipients into buying stocks that belonged to a single company. Example subjects included the following:

  • “Read Now if you want a stock that will more than double by Christmas.”
  • “This stock will quadruple before Christmas. Time to buy now!”

The ongoing campaign feature two distinct types of messages. The first version reads the following:

Dear Subscriber,
Its been a long time since I sent you my special newsletter containing a hot stock tip.
The reason for that is because I really haven’t had many opportunities to present to you.
Incapta Inc (ticker: INCT) is a company that was brought to my attention earlier this morning by one of my colleagues at an M&A firm in manhattan.
It seems that a buy out from DJI is imminent at $1.37 per share and is set to be announced next week on Tuesday, March 28.
NCT is a company that has revolutionalized the drone industry by creating the first independent drones that can be dispatched to areas of interest such as crime scenes, car chases, wild fires, etc.
The network of drones operated by connecting to a cloud and complex algorithm efficiently dispatch the drones within moments of an incident being reported.
This way the media outlet that owns the drones can be first to the scene and get exclusive, live-streamed.
This has the potential to literaly change the world of news broadcasting as we know it and DJI (the most prominent drone-maker in the world) sees the potential of this technology which is why they are willing to pay $1.37 a share to acquire it. A premium of over 1,000% over Friday’s closing price.
Tell all your friends about INCT and make sure you buy it as soon as possible today at any price under 20 cents a share to guarantee yourself massive profits.


The second version has a slightly different body which contains the following text:

Dear Subscriber, Do you remember the last time I sent you a tip about a company worth buying in the market? I was right on point as its shares shot up more than tenfold in under 7 days. I had privileged information and I knew that something big was brewing. It took me months to find the next stock that is somewhat similar to that last one I told you about, but you can be certain that the upside potential is just as good. Incapta Incorporated (symbol: INCT) is a company that is on the verge of being acquired by a large drone-maker competitor. On March 28th (yes, next week) there is going to be something special announced that will take the share price from under 0.20 to over a dollar, overnight. INCT specializes in the manufacturing of high-end specialized drones with real-world applications such as automated dispatching for news coverage by companies like CNN all the way to miniature drones which can be used to gather intelligence for the military, private investigators and police. This cutting edge technology is changing the world as vie know it, and INCT is at the forefront of it all which is why it s being acquired and its share price is about to go ballistic. Tell everyone you know to buy INCT right now and keep it on the low as much as possible.

As always such counterfeit messages can be spotted by looking out for any of the following warning signs:

  • Grammar Mistakes.
  • Lack of a proper header.
  • The use of free email service providers.

Unfortunately the attack has already been identified to have an effect among stock market operators. Security and Finance experts noticed a significant increase of the volume of traded shares shortly after the Necurs botnet scheme started to spread.

Was this content helpful?

Author : Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *