Table of contents
- What is Dridex and how does it work
- Main dissemination techniques
- The devastating effects of Dridex malware
- Why it is a global threat
- How to protect against Dridex malware
- The future of the fight against Dridex
The Dridex malware is an extremely sophisticated and dangerous banking trojan, designed to steal users’ financial credentials and compromise the cyber security of both businesses and individuals through phishing attacks.
What is Dridex and how does it work
Dridex was first identified in 2011 and is associated with a group of cybercriminals known as Evil Corp. This group has developed several variants of the malware, adapting it to make detection and removal increasingly difficult.
Dridex has primarily been used for targeted attacks against banks and financial institutions, but it also affects individual users, particularly through phishing campaigns.
Main dissemination techniques
Dridex spreads predominantly through phishing emails. These emails are designed to appear as if they come from legitimate companies, often using logos and language that perfectly mimic official communications.
Within these emails, users find attachments, typically Microsoft Office documents, containing malicious macros.
When a user opens the file and enables the macros, the malware is downloaded to the device, allowing the creators of Dridex to infect systems and gain access to confidential information.
Once installed, the malware can:
- Record login credentials, such as usernames and passwords
- Steal banking credentials
- Monitor online activities to gather sensitive data
The devastating effects of Dridex malware
The malware primarily targets negligent or distracted users, but its consequences can be devastating.
Victims may experience unauthorized charges on credit cards, transfers from business accounts, and even severe breaches of personal and corporate data.
Some of the most common consequences include:
- Unauthorized access to bank accounts
- Identity theft through the monitoring of online activities
- Financial damage to companies due to data loss or fraudulent transfers
Additionally, the malware is designed to automatically update, making it a persistent and difficult-to-remove threat.
Why it is a global threat
Dridex has been widely used in attacks, primarily in the United States, but cases have also been reported in Europe and Asia.
Its ability to adapt to new technologies and platforms makes it particularly dangerous, even for mobile devices, which are often less protected than computers.
One of the most insidious aspects of this malware is its ability to leverage highly targeted phishing campaigns, also known as spear phishing.
These campaigns target specific individuals or organizations, increasing the likelihood that the victim will open the malicious file or click on an infected website.
How to protect against Dridex malware
To counter Dridex malware, it is essential to adopt preventive measures and a robust cyber security strategy. Some useful tips include:
- Never open suspicious attachments or those from unknown senders
- Disable the automatic execution of macros in Microsoft Office
- Install antivirus software and keep it updated
- Verify the authenticity of websites before entering sensitive information
- Educate company employees on identifying phishing emails
Additionally, banks and businesses should implement advanced monitoring systems to detect suspicious activities and reduce the risk of financial fraud.
The future of the fight against Dridex
The developers of Dridex continue to evolve the malware, making constant monitoring and the adoption of innovative defense technologies essential.
Governments in several countries, including the United States, are collaborating to dismantle the networks of Evil Corp and put an end to the activities of this criminal group.
However, most of the responsibility lies with users, who must adopt good online security practices.
Prevention is the best defense against this type of threat. Staying informed and vigilant is critical to reducing risks and protecting sensitive data.
Questions and answers
- What is Dridex?
Dridex is a banking trojan designed to steal financial credentials and compromise cyber security.
- How does Dridex malware spread?
Primarily through phishing campaigns that include emails with attachments containing malicious macros.
- Who are the creators of Dridex?
Dridex is associated with Evil Corp, a group of cybercriminals known for large-scale attacks.
- What are the consequences of a Dridex infection?
Credential theft, unauthorized bank transfers, data breaches, and financial damage.
- How can a Dridex infection be prevented?
By avoiding suspicious attachments, disabling macros, and using updated antivirus software.
- Does Dridex only affect computers?
No, it can also target mobile devices, although less frequently.
- Why is Dridex considered a global threat?
Because it has been used in attacks across multiple countries and continues to evolve.
- Who are the main targets of Dridex?
Individual users, financial institutions, and companies.
- How does Evil Corp use Dridex in its attacks?
By distributing the malware via phishing to access confidential information and steal money.
- What should you do if you suspect a Dridex infection?
Immediately disconnect from the internet, run an antivirus scan, and contact a cyber security expert.