Malware researchers discovered two new malware families distributed through phishing campaigns last year carried out by the TA505 cybercriminal group. The TA505 group is the group behind Dridex banking trojan and Locky ransomware. The threat actor continues to target financial and retail sectors, the researchers say, using Microsoft Word, Microsoft Publisher, and PDF files pull the malware on the victim computer host. The infrastructure used for running these campaigns remains unknown for the time being, but it does not present hallmarks specific to Necurs botnet.
Source: https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/