Dridex, the well-known banking malware, has been compromising computers by abusing the ubiquitous macros in the Microsoft Office suite. Dridex is known to steal personal information and banking credentials after gaining access to the system disguised as an MS Word attachment received in a spam mail. The malware may now have the capability of delivering bitcoin ransomware to target computers, causing additional damage to its victims.
According to a recent report published by Buguroo Labs, Dridex has evolved from being just a piece of malware into a malware distribution platform. This information was revealed during a study conducted by the company last month. The report states that the company made use of a vulnerability in the code of the Dridex infrastructure to analyze the malware. The findings obtained by analyzing the stolen data show that it is a much bigger security threat than was earlier believed. Dridex is one of the most sophisticated malware families currently out there and has succeeded in avoiding detection by security software on multiple occasions. It has targeted many companies across the internet, seriously compromising their security.
Buguroo Labs is a cybersecurity firm founded in 2010. The company is known for using cyber intelligence to develop cloud-based cyber security solutions, accessible 24×7 across the world. The firm, in its report, has published the key findings from its study of Dridex. The study points out a few ‘crude vulnerabilities’, as the company prefers to call them. These vulnerabilities are linked to a few gate URLs that are part of a 220 subnet. The malware is being constantly upgraded, and the most recent upgrade shows the inclusion of additional targets in its workflow, involving the use of an Automatic Transfer System mechanism to steal money from users' bank accounts after successfully hijacking their sessions on the infected computer.
The malware is known to have affected users from over 100 countries in just one campaign, compromising credit card information belonging to an estimated 900 users. The level of threat associated with Dridex has increased considerably in the Middle East, Africa, and Latin America. Going by the numbers, it may so far have caused losses of over $100 million to the various companies it has targeted.
What makes it even more serious is its evolution into a malware distribution platform. Much as Akamai and other content delivery networks are used by companies to deliver their content to customers, Dridex is now delivering bitcoin ransomware like Locky to unsuspecting users. It doesn’t matter whether it is your company’s computer or a home computer running any operating system. Once Locky is downloaded and activated on the computer, it encrypts all files and removes backups and volume snapshot services to effectively lock the user out of his/her own computer. In order to regain access to the system, the victim is forced to pay a ransom of anywhere between 0.5 and 1.0 bitcoin. Once the ransom is paid, the user is able to download the decoder to decrypt the files on the computer.
While cyber security experts work on finding a solution to counter Dridex and the ransomware threats it delivers, it is advisable not to open any email containing suspicious attachments.