The cybercriminals behind the Dridex banking malware have been toying with victims and researchers in recent weeks. According to BleepingComputer, the latest example is phishing a campaign in which the attackers mock the victims by offering them a phone number for funeral services for the deceased from COVID-19.
Dridex is a banking malware that is mainly distributed via emails containing malicious Word or Excel documents. When these attachments are opened and macros are enabled, the malware will be downloaded and installed on the victim’s device.
For the past few weeks, one of Dridex’s distributors has been having fun playing with victims and researchers. Thus, for the first time, it was seen that cybercriminals troll security researchers using their names in combination with racist comments as file names containing malware and email addresses.
Last week, it was a fake e-mail notice about the dismissal of employees, which contained an Excel document and password, and when the victim opened the document and enabled macros, a congratulatory message would appear on the infected device: “Merry Christmas, dear employees!”.
In the new campaign, the same attacker sent spam emails with the topic “test result on COVID-19” in which it is claimed that the recipient was in contact with a colleague from work who is positive for omicron, a new strain of coronavirus.
“See the details in the attached document,” says an email containing a password-protected Excel document and the password needed to open the document. When a password is entered, the recipient is shown a blurred document and asked to “Enable Content” to view it. After the macros are enabled and the device becomes infected, those behind it ridicule the victims by displaying a warning containing the phone number of the “helpline” for the funeral of the deceased from COVID-19.
Since the new strain of coronavirus is highly contagious and is spreading rapidly around the world, such omicron emails are probably very effective in distributing malware, especially if the email is allegedly sent by the company’s human resources department and targets employees from the same company.
If you receive an unexpected email or an email that contains unusual attachments, before opening the attachment, check with colleagues at work to see if the email is legitimate.
Source: Informacija.rs by www.informacija.rs.
*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!