ServHelper: Hidden Miners
released on 2020-07-14 @ 08:10:26 PM
"First seen during Q3 of 2018, a backdoor named ServHelper, associated with the hacking group TA505, has been observed targeting the financial and retail sectors. This backdoor enabled them to install and deploy other malware such as information stealers (Predator Stealer) and Remote Access Trojans (RATs) (FlawedAmmyy, NetSupport). In January 2020, we encountered a new variant that is readily capable of installing a cryptominer bundled with it. This miner is hidden inside the infected system through a spawned virtualized environment."