Select Page

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research.

It has “adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files,” Trend Micro researcher Armando Nathaniel Pedragoza said in a technical report.

Dridex, also called Bugat and Cridex, is an information stealer that’s known to harvest sensitive data from infected machines and deliver and execute malicious modules. It’s attributed to an e-crime group known as Evil Corp (aka Indrik Spider).

The malware is also considered to be a successor of Gameover Zeus, itself a follow-up to another banking trojan called Zeus. Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload.

A law enforcement operation orchestrated by Europe and the U.S. disrupted the botnet in October 2015 and a Moldovan national named Andrey Ghinkul was arrested for his role as an administrator of the operation. In December 2018, Ghinkul was sentenced to time served by a U.S. federal court following his extradition in February 2016.

images from Hacker News