What is Dridex Malware?

Anti VirusCyber SecuritySafe & Security

Malware that makes use of Microsoft Office macros is called Dridex malware. Hackers may use it to steal financial data and other user identifiers. It often takes the form of a spam email with an attached Word document.

  • Dridex virus emerged from an earlier product dubbed Zeus Trojan Horse, according to cybersecurity specialists. When anything is downloaded or otherwise integrated, usually without the end user's knowledge, it enters the system as what appears to be a secure application or product and causes havoc.

  • Zeus Trojan Horse, a type of banking malware with backdoor access points that is self-replicating and opens the door to other malware products, evolved into the Dridex virus. Dridex is an example of how malware has evolved into a spam-carried product.

  • It was founded by Necurs Maksim Yakubets. It is a sophisticated and evasive banking malware. Despite being built on a relatively old malware code, it has undergone significant updates over time. It is now capable of adopting incredibly effective infiltration techniques, making it particularly deadly.

  • In order to trick people into opening an email attachment for a Word or Excel file, this malware would send spam email campaigns to Windows users. The Dridex malware, which is concealed within these files, will infect computers and steal personal data, primarily banking passwords.

  • Potential targets within the financial services industry include financial institutions and clients, mainly from English-speaking nations. Dridex gained increasing significance in 2020, affecting 3–4 percent of global organizations.

Malware like this banking Trojan should be avoided since it exposes users to the risk of financial fraud. The malware has also been systematically updated over the last ten years, indicating that it was probably created and edited by a team. Dridex is thought to have been created by a group called EvilCorp.

Is Dridex Malware Detectable?

Dridex has undergone numerous generations, just like the Emotet trojan. Dridex has added several features during the past ten years, including peer-to-peer encryption, peer-to-command-and-control encryption, XML scripting, and hashing techniques. As the security community responds with improved detection and mitigations, every new version of Dridex, like Emotet, marks a step forward in the global arms race, the researchers noted.

It is anticipated that Dridex will experience additional modifications in the future. Given the ssl-pert[.]com domain's same-day deployment and execution on June 26th and the actors behind this form of Dridex's propensity to employ randomly generated variables and URL directories, it is likely that indicators will change throughout the campaign.

People can utilize technologies that don't focus on signature-based threat detection to detect Dridex potentially. For instance, certain technologies may make use of machine learning, which can model network traffic in order to comprehend user behavior patterns. Then, unusual traffic can be noted and examined further. If malware detection software detects unusual behavior or.exe files, it might also be effective. As a result, some anti-malware programs will be able to find Dridex.

How Does Dridex Enter Your PC?

A Microsoft Word or Excel document attachment is sent as part of an email to the target during a Dridex virus attack. This document contains a payload that downloads the Dridex malware, which was created expressly to target the victim's login information for online banking. In these attacks, legitimate company names are used to entice the victim into opening the attachment. Some of these emails may also include an invoice that shows that they were sent by a software provider, bank, or online store.

When the victim clicks on the email attachment, Dridex malware is downloaded and installed. Following a successful installation, the attacker then carries out the following operations −

  • Activate files

  • Upload data

  • Obtain files

  • Observe the network traffic

  • Take screenshots of your browser

  • Join a botnet using the infected machine

  • Additional modules need to be downloaded and run

  • Utilize the peer-to-peer (P2P) protocol to communicate with other peer nodes to recover configuration information

  • Self-inject into Chrome, Firefox, and Internet Explorer browser processes to track conversations and collect information

Spam emails will be used by online criminals to spread Dridex. The victim will be prompted to open an attached Microsoft Word or Excel file in the emails that appear to be official correspondence. When the file is opened, a macro embedded within it will activate and begin a Dridex download. The malware will then start stealing banking credentials and carrying out unauthorized financial activities.

The malware will insert a keylogger, which will track and record each keystroke made on a computer's keyboard to collect information. The attackers will be able to obtain login and password details, as well as login information for online banking, thanks to this.

Dridex also has a variety of other abilities. Additionally, it is possible to enable injection attacks, which will allow the downloading of additional malware to execute remote commands or insert code into a particular software. Then, depending on the version, the malware will bundle and encrypt the stolen data before sending it across P2P networks in binary or XML.

Dridex is challenging to find since it frequently gets past antivirus detections.

How to Protect Your Device from Dridex?

Fortunately, preventing Dridex is simpler than detecting it. Some options for defense include −

  • When opening email attachments from senders, you don't know, exercise caution.

  • Open no files received from unverified or dubious email addresses.

  • Only download files from reliable sources.

  • Update your browsers and programs.

  • Use a malware detection program that employs additional techniques and signature-based threat detection.

  • Teach other people or staff members how to spot dangerous mail.

How to Remove Dridex from Your Device?

Dridex can be manually removed, although anti-malware solutions capable of detecting and eliminating Dridex are typically advised instead. Software tools like the Trojan from Malwarebytes. You may use Dridex to find and get rid of Dridex.

When a threat is discovered, the software will place a quarantine to eliminate the infection. Once the operation is finished, anti-malware solutions could urge the user to restart the computer. It is advised that people update the passwords for their financial accounts once the threat has been identified and eliminated.

Updated on 05-Aug-2022 12:45:21