Palo Alto Networks’ Unit 42 division saw increasing numbers of mass spam messages delivering the Redaman banking trojan. The emails targeted Russian email recipients, often with email addresses ending in.ru, and delivered their payloads via a rotating assortment of. archive files disguised as PDF documents. In September 2018, the. attachments were zip archives, 7-zip archives, and rar archives. In December 2018,. the attachments changed to gzip archives with file names ending in.gz. In all, there were more than 100 different types of. spam messages sent to thousands of recipients.
Source: https://threatpost.com/redaman-spams-russian-banking-customers-with-rotating-tactics/141129/