The Dridex banking malware is once again being distributed rapidly through COVID-19 themed emails. Its distributors, however, have not passed up the chance to mock their victims.
For several weeks now, one of the attackers distributing Dridex via email has been taunting both victims and security researchers. Emails opening with “Merry X-Mas Dear Employees!” tell the recipient that they have lost their job, in the expectation that they will open the attached file in a panic.
In another phishing campaign used to distribute the same malware, the threat actors send emails stating that a friend of the victim has tested positive and that the two have been in contact. When the recipient opens the attached encrypted file and enters the password given in the email, they are expected to enable the macro in order to view the file’s contents.
Once the macro is enabled, the malware infects the system and a dialog box showing a COVID-19 Funeral Line number is displayed on the screen, effectively mocking the victim.
Dridex is a banking and botnet malware said to be developed by the Russian hacker Maksim Yakubets, aka “aqua”, who sits at the top of the FBI’s most wanted list. Spread over the years through Word and Excel files, it infects the system when victims enable macros in convincingly written attachments.
Immediately after infecting a system, it attempts to steal the internet banking credentials stored on the computer and to spread to other machines. At the same time, the infected systems are made remotely accessible as “zombies” for potential ransomware attacks.