Security researchers have spotted a new email campaign last week that is distributing a new variant of the Dridex banking trojan.
Forcepoint Security Labs said the new campaign uses compromised FTP sites to download malicious documents and expose the FTP site credentials in the process.
This attack is a departure from the usual method of using HTTP links to distribute the malicious documents.
The report states that the major regional targets were in France, UK, and Australia. The campaign attributes further suggest it is coming from Necurs.
Admins are encouraged to regularly update FTP passwords, especially given the compromised FTP accounts exposed via emails.