Forcepoint Security Labs have recently observed a peculiar email campaign distributing a variant of the Dridex banking trojan. The campaign used compromised FTP sites instead of the more usual HTTP link as download locations for malicious documents, exposing the credentials of the compromised FTP sites in the process.
Article Link: https://blogs.forcepoint.com/security-labs/new-year-new-look-dridex-compromised-ftp