TA505 is a prolific cybercriminal group known for attacking multiple financial institutions and retail companies with malicious spam campaigns and a variety of malware. In its latest campaign, the group is targeting employees of financial institutions with phishing emails that lure them into downloading malicious attachments. The emails deliver the Get2 Downloader malware (also known as FRIENDSPEAK or GetAndGo). Once installed, the malware connects to a command and control (C2) server, downloads the SDBot Remote Access Trojan (RAT), and harvests financial data. Data exfiltration is the main goal of the campaign, which is currently active and targeting users in different organizations.