DRIDEX – THE COMEBACK KING

12/09/2015
G DATA Blog

The next wave of finance malware is doing the rounds – and this time the attackers going after German-speaking targets have switched to typical end-of-year subjects to lure victims into their trap: tax refunds and overdue invoices aimed at private individuals. However, they are also sending emails in English with purported scans from printers that are used as standard in companies. All the rigged attachments – Microsoft Office documents – load malware onto the victim's computer and infect it with a banking Trojan from the Dridex family.

PRIVATE INDIVIDUALS BEING TARGETED

Text in the "Tax Form" email

Text in the "Invoice November 2015" email

BUSINESSES ALSO BEING TARGETED

Text of the "Scanned image from MX-2600N" email

THE MALWARE ATTACK

DRIDEX? BUT PEOPLE WERE ARRESTED FOR THAT!

HOW TO STAY ON THE SAFE SIDE