Necurs Botnet Tries to Manipulate the Stock Market

Cisco’s threat intelligence organisation Talos has distinguished that Necurs is back online. The Necurs botnet is the largest spam botnet in the world. In December, 2016 it has been used primarily for the distribution of Locky ransomware and Dridex. But, now it looks like Necurs which is taking on a new role as someone tries to manipulate the stock market.

Talos has reported that, “Necurs has been used to send high volume pump-and-dump emails without any links and attachments. In analyzing previous telemetry data associated with these campaigns, we identified a similar campaign on December 20, 2016 shortly before the Necurs botnet went offline for an extended period. This strategic divergence from the distribution of malware may be indicative of a change in the way that attackers are attempting to economically leverage this botnet”.

At this time, you can get email which gives market alert about a specific stock ticker – $INCT (InCapta Inc) which is a mobile app development company. This message says that the stock is going to be bought out at $1.37 per share by DJI, which is a drone company, based on a tip coming from a Manhattan firm. In order to entice the reader, the email further goes on to say that the move would revolutionise the drone industry by creating the first independent drones that can be dispatched to areas of interest such as crime scenes, car chases, wild fires, etc.

“The network of drones operates by connecting to a cloud and complex algorithms efficiently dispatch the drones within moments of an incident being reported. This way the media outlet that owns the drones can be the first to the scene and get exclusive, live-streamed” the message reads, adding an even more enticing element.

To add some urgency to the situation, the email claims the buyout is supposed to be announced on March 28, recommending purchase before then, saying the DJI is certainly going to pay a lot more than the current value, which means there’s a sure-fire way to get rich.

Tens of thousands of these emails were sent via Necurs already and the effects are being felt on the stock market. The stock has seen a significant increase in the volume of shares being traded, as can be seen in the screenshot taken just minutes before the news being published.