The adversaries behind the Dridex trojan have recently resurfaced, using current-event themes to lure victims with a more sophisticated revision of the malware. Dridex has been in circulation and carrying out malicious activity since 2011. It specializes in targeting Windows systems, and especially the victim’s banking credentials. It can also act as spyware, capturing keystrokes and system information, providing remote command and control, and stealing data from the victim’s device.
Cybersecurity experts confirmed that Dridex has gone through many revisions, which makes it more dreaded than other banking trojans. Through collaboration with other adversaries, the latest variant has become more sophisticated and lethal than ever. According to the analysis report, the current version, aside from the damage it does by default, is now a prelude to a more vicious attack staged by its collaborators, either BitPaymer or DoppelPaymer, both notorious for ransomware attacks.
The campaign is timed to exploit the current pandemic, during which more people are leaning towards online shopping. The authorities have reported that the number of victims is growing.
In a recent Dridex spam campaign, the operators sent out emails presenting an Amazon gift card enclosed in an attachment, in which the malware is hidden.
The infection method varies according to the security controls in place on the victim’s device. The malicious attachment can execute the malware through macros in a Word document, where the victim is prompted to click ‘Enable Content’; through screensaver files, used to get past email security; or through VBScript embedded in a link found in the email.
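The three delivery methods above can be checked for at the mail gateway or during triage. The following is an added example, not code from the campaign analysis: it assumes the macro document is in OOXML format (a zip carrying `vbaProject.bin`), and the function names, sample message, addresses and URL are all constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".scr", ".vbs", ".vbe")  # screensaver and VBScript files
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def has_vba(data: bytes) -> bool:
    """True if an OOXML document (a zip archive) carries a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip, so not an OOXML macro document

def triage(raw: bytes) -> list[str]:
    """Return one finding per delivery method seen in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name:
            data = part.get_payload(decode=True) or b""
            if name.endswith(RISKY_EXT):
                findings.append(f"executable-attachment:{name}")
            elif has_vba(data):
                findings.append(f"macro-document:{name}")
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                if url.lower().split("?")[0].endswith(RISKY_EXT):
                    findings.append(f"script-link:{url}")
    return findings

def build_sample() -> bytes:
    """Constructed sample message with inert placeholder attachments."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", "Gift card"
    m.set_content("Redeem here: http://example.com/card.vbs?id=1")
    m.add_attachment(doc.getvalue(), maintype="application",
                     subtype="octet-stream", filename="GiftCard.docm")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="GiftCard.scr")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

Legacy `.doc` files use the OLE container rather than zip and are not covered by `has_vba`; they need a separate OLE parser.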
Amazon, which is well known in the United States and Europe, confirmed that it has received an influx of orders on its platform since the pandemic began. With the spike in business, the company, or else its customers, have regularly been targeted by many adversaries. For this reason it spreads awareness about the different scams it uncovers. As a course of action, it released an official statement that an authentic Amazon gift card carries its redeem code directly in the email, to be processed on Amazon sites, and does not arrive in an email that asks the recipient to open or download a file to redeem the code.
It is highly recommended that everyone be cautious and sceptical when opening an attachment or visiting sites on the internet that contain enticing offers. If in doubt, call the person or the company to confirm that the emails or offers received are legitimate. Many adversaries lurk behind legitimate sites and can send from genuine email addresses that have been compromised. Being vigilant and aware of the latest cybercrime is our initial protection against becoming victims of these fraudulent acts.