Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    What's Hot

    Max Q: A lifeline | TechCrunch

    March 27, 2023

    US CFTC takes legal action against Binance, crypto markets fall

    March 27, 2023

    Lyft CEO and president stepping down to be replaced by former Amazon exec

    March 27, 2023
    Facebook Twitter Instagram
    Facebook Twitter Instagram Vimeo
    Cryptonounce.com
    Contact
    • Business
      • Deals
      • investors
      • IPO
      • Startups
      • Wall Street
    • Markets
      • Bonds
      • Commodities & Futures
      • Currencies
      • Funds & ETFs
      • Stocks
    • Crypto
      • Alticoins News
      • Binance News
      • Bitcoins News
      • Blockchain News
      • Ethereum News
      • Token Sales News
      • XRP News
    • Technology
      • Artificial Intelligence
      • Big Data
      • Cloud Computing
      • Cybersecurity
      • Gaming
      • Internet of Things
      • Mobile
      • Social Media
      • Transportation
      • VR & AR
    • FinTech
    • Personal finance
    • Grides
      • Crypto
      • FinTech
      • Investing
      • Personal Finance Guides
      • Techonology
    • Tools
      • Coins
      • ICO List
      • Organigations
      • Events
    Cryptonounce.com
    Home » Dridex Malware Now Attacking macOS Systems with Novel Infection Method
    Cybersecurity

    Dridex Malware Now Attacking macOS Systems with Novel Infection Method

    AdmincryptBy AdmincryptJanuary 6, 2023No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Jan 06, 2023Ravie LakshmananEndpoint Security/ Malware

    A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research.

    It has “adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files,” Trend Micro researcher Armando Nathaniel Pedragoza said in a technical report.

    Dridex, also called Bugat and Cridex, is an information stealer that’s known to harvest sensitive data from infected machines and deliver and execute malicious modules. It’s attributed to an e-crime group known as Evil Corp (aka Indrik Spider).

    The malware is also considered to be a successor of Gameover Zeus, itself a follow-up to another banking trojan called Zeus. Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload.

    A law enforcement operation orchestrated by Europe and the U.S. disrupted the botnet in October 2015 and a Moldovan national named Andrey Ghinkul was arrested for his role as an administrator of the operation. In December 2018, Ghinkul was sentenced to time served by a U.S. federal court following his extradition in February 2016.

    Subsequently in December 2019, the U.S. Treasury Department imposed sanctions against Evil Corp and announced a $5 million bounty against two key members Maksim Yakubets and Igor Turashev. Despite these efforts, Dridex has continued to evolve, proving to be a resilient threat.

    Trend Micro’s analysis of the Dridex samples involves a Mach-O executable file, the earliest of which was submitted to VirusTotal in April 2019. Since then, 67 more artifacts have been detected in the wild, some as recent as December 2022.

    The artifact, for its part, contains a malicious embedded document – first detected way back in 2015 – that incorporates an Auto-Open macro that’s automatically run upon opening a Word document.

    Furthermore, the Mach-O executable is designed to search and overwrite all “.doc” files in the current user directory (~/User/{user name}) with the malicious macro code copied from the embedded document in the form of a hexadecimal dump.

    “While the macro feature in Microsoft Word is disabled by default, the malware will overwrite all the document files for the current user, including the clean files,” Pedragoza explained. “This makes it more difficult for the user to determine whether the file is malicious since it doesn’t come from an external source.”

    The macros included in the overwritten document are engineered to contact a remote server to retrieve additional files, which includes a Windows executable file that will not run in macOS, indicating that the attack chain might be a work in progress. The binary, in turn, attempts to download the Dridex loader onto the compromised machine.

    While documents containing booby-trapped macros are typically delivered via social engineering attacks, the findings once again show that Microsoft’s decision to block macros by default has prompted threat actors to refine their tactics and find more efficient methods of entry.

    “Currently, the impact on macOS users for this Dridex variant is minimized since the payload is an .EXE file (and therefore not compatible with macOS environments),” Trend Micro said. “However, it still overwrites document files which are now the carriers of Dridex’s malicious macros.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleCrypto Firm DGC Shutters Wealth Management Business – Financial Advisor IQ
    Next Article Fate Therapeutics stocks heads for record selloff after Janssen collaboration terminated and job cuts
    Admincrypt
    • Website

    Related Posts

    20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

    March 27, 2023

    Where SSO Falls Short in Protecting SaaS

    March 27, 2023

    New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

    March 27, 2023

    Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

    March 27, 2023

    Leave A Reply Cancel Reply

    Our Picks
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Techonology

    Max Q: A lifeline | TechCrunch

    By AdmincryptMarch 27, 20230

    Hello and welcome back to Max Q! In this issue: Relativity Space’s Terran 1 reaches…

    US CFTC takes legal action against Binance, crypto markets fall

    March 27, 2023

    Lyft CEO and president stepping down to be replaced by former Amazon exec

    March 27, 2023

    Barclays highlights 10 top quality stocks that are also cheap

    March 27, 2023

    Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    NEWS
    • Business
    • Crypto
    • Blockchain
    • Markets
    • Technology
    FEATURED SECTIONS
    • Coins
    • ICO List
    • Organigations
    • Events
    • Grides
    FEATURED LINKS
    • Story of the day
    • Videos
    • Infographics
    CONNECT WITH US
    • Facebook
    • Twitter
    • Telegram
    • LinkedIn
    • Pinterest
    ABOUT US
    • Contact
    • Advertise
    • Sitemap
    Copyright © 2023 Cryptonounce All rights reserved. Cryptonounce.
    • Home
    • Buy Now

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login to your account below.

    Lost password?