• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
dridex malware now attacking macos systems with novel infection method

Dridex Malware Now Attacking macOS Systems with Novel Infection Method

You are here: Home / General Cyber Security News / Dridex Malware Now Attacking macOS Systems with Novel Infection Method
January 6, 2023

A variant of the notorious Dridex banking malware has established its sights on Apple’s macOS operating system applying a previously undocumented an infection technique, in accordance to most current exploration.

It has “adopted a new method to supply files embedded with malicious macros to consumers without the need of obtaining to pretend to be invoices or other business enterprise-linked data files,” Craze Micro researcher Armando Nathaniel Pedragoza reported in a technical report.

Dridex, also termed Bugat and Cridex, is an information stealer that’s acknowledged to harvest delicate knowledge from contaminated devices and supply and execute malicious modules. It is really attributed to an e-crime team acknowledged as Evil Corp (aka Indrik Spider).

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The malware is also thought of to be a successor of Gameover Zeus, itself a comply with-up to one more banking trojan termed Zeus. Prior Dridex strategies concentrating on Windows have leveraged macro-enabled Microsoft Excel paperwork despatched by means of phishing e-mails to deploy the payload.

Trend Micro’s assessment of the Dridex samples entails a Mach-O executable file, the earliest of which was submitted to VirusTotal in April 2019. Given that then, 67 more artifacts have been detected in the wild, some as new as December 2022.

The artifact, for its element, is made up of a destructive embedded document – initially detected way back in 2015 – that incorporates an Auto-Open up macro which is mechanically run upon opening the document.

This is accomplished by overwriting all “.doc” information in the recent consumer directory (~/Person/user identify) with the malicious code extracted from the Mach-O executable in the type of a hexadecimal dump.

“When the macro aspect in Microsoft Phrase is disabled by default, the malware will overwrite all the document files for the current consumer, which include the clean data files,” Pedragoza described. “This would make it extra tough for the consumer to determine irrespective of whether the file is malicious due to the fact it does not occur from an exterior resource.”

The macros included in the overwritten document are engineered to get hold of a remote server to retrieve extra data files, which features a Windows executable file that will not operate in macOS, indicating that the attack chain is a perform in development. The binary, in switch, tries to download the Dridex loader on to the compromised device.

When files that contains booby-trapped macros are usually shipped via social engineering attacks, the findings when once again present that Microsoft’s determination to block macros by default has prompted threat actors to refine their methods and find more economical solutions of entry.

“At the moment, the influence on macOS buyers for this Dridex variant is minimized considering the fact that the payload is an exe file (and hence not compatible with MacOS environments),” Pattern Micro explained. “Having said that, it still overwrites document documents which are now the carriers of Dridex’s malicious macros.”

Observed this article fascinating? Abide by us on Twitter  and LinkedIn to study a lot more special material we submit.


Some sections of this write-up are sourced from:
thehackernews.com

Previous Post: «cyber attacks on uk organisations surged 77% in 2022, new Cyber attacks on UK organisations surged 77% in 2022, new research finds
Next Post: Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS microsoft reveals tactics used by 4 ransomware families targeting macos»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace
  • Personal Storage Table Files Accessed in Rackspace Attack
  • Security Industry Hits Back with MegaCortex Decryptor

Copyright © TheCyberSecurity.News, All Rights Reserved.