Crooks spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks. An extensively updated version of the Exmatter data exfiltration tool was seen last month being used with Noberus in ransomware infections, and at least one affiliate using Noberus was detected using Eamfo, the info-stealing malware that connects to the SQL database where a victim’s Veeam backup software installation stores credentials, according to researchers in Symantec’s Threat Hunting Team.

Read full article on The Register