A threat group with possible connections to the operators of the Necurs botnet has employed what security vendor Bromium this week described as an Amazon-style fulfillment model to host and distribute malware on behalf of other cybercriminals. The group is using a collection of more than one dozen US-based servers to help attackers distribute a variety of malware. The malware includes the Dridex banking Trojan, GandCrab ransomware, and the Neutrino exploit kit. All of the servers hosting malware are located in a single data center in Nevada belonging to the company.”]