The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions of the latest version of the malware. It’s named after the file names associated with the infection. The primary motive is, as usual, financial: TA505 appears to be actively targeting financial institutions as they distribute these malware families, said Proofpoint researchers, in a posting this week. In December, TA505 mixed it up with another downloader-variant campaign, which used a mixture of Microsoft Word attachments with embedded malicious macros.
Source: https://threatpost.com/ta505-servhelper-malware/140792/