User Documents Overwritten With Malicious Code in Recent Dridex Attacks on macOS By Orbit Brain January 7, 2023 0 303 views Cyber Security News Dwelling › Virus & ThreatsPerson Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOSBy Ionut Arghire on January 06, 2023TweetThe cybercriminals behind the Dridex banking trojan have adopted a brand new tactic in latest assaults concentrating on macOS units, overwriting the sufferer’s doc recordsdata to ship their malicious code, Pattern Micro experiences.Lively since no less than 2012 and thought of one of the prevalent monetary threats, Dridex survived a takedown try in 2015 and remained operational after receiving varied updates. In 2019, the DHS warned of steady Dridex assaults concentrating on monetary establishments.In response to Pattern Micro, a lately noticed Dridex assault concentrating on macOS stood out due to a novel tactic employed to disguise the malicious Microsoft Phrase doc used for malware supply.The attackers distribute a Mach-o executable file that’s designed to seek for .doc recordsdata within the present person listing and write malicious macro code to all of them – in plain hexadecimal dump, not in content material.“Whereas the macro function in Microsoft Phrase is disabled by default, the malware will overwrite all of the doc recordsdata for the present person, together with the clear recordsdata. This makes it harder for the person to find out whether or not the file is malicious because it doesn’t come from an exterior supply,” Pattern Micro notes.The malicious embedded doc, the cybersecurity agency explains, shouldn’t be new, being first noticed within the wild in 2015. The analyzed Mach-o file pattern was first submitted to VirusTotal in 2019.Evaluation of the overwritten paperwork revealed the inclusion of an AutoOpen macro meant to name a number of capabilities with normal-looking names, however which had been meant to carry out nefarious actions.In response to Pattern Micro, the payload delivered by the macro was an .exe file meant to fetch the Dridex loader. Whereas the .exe file wouldn’t run on macOS, the analyzed variant may be in testing levels and will later be transformed to completely work on macOS.“Presently, the impression on MacOS customers for this Dridex variant is minimized because the payload is an exe file (and due to this fact not suitable with MacOS environments). Nonetheless, it nonetheless overwrites doc recordsdata which are actually the carriers of Dridex’s malicious macros. Moreover, it’s potential that the menace actors behind this variant will implement additional modifications that can make it suitable with MacOS,” Pattern Micro concludes.Associated: Dridex Operators Develop ‘WastedLocker’ RansomwareAssociated: US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence TiesAssociated: Dridex Marketing campaign Abuses FTP ServersGet the Each day Briefing Most LatestMost LearnXDR and the Age-old Drawback of Alert FatigueLots of 13 New Mac Malware Households Found in 2022 Linked to ChinaSASE Firm Netskope Raises $401 MillionRussian Turla Cyberspies Leveraged Different Hackers’ USB-Delivered MalwarePerson Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOSRansomware Hit 200 US Gov, Training and Healthcare Organizations in 2022Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Units to AssaultsRackspace Completes Investigation Into Ransomware AssaultFrance Regulator Raps Apple Over App Retailer AdvertisementsExtra Political Storms for TikTok After US Authorities BanIn search of Malware in All of the Improper Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By means of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureThe best way to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingThe best way to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseSecurityWeek Podcast delivery document Dridex macOS macro malware overwrite files Orbit Brainhttp://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
DraftKings Data Breach Impacts Personal Information of 68,000 CustomersIntroducing the Cyber Security News DraftKings Data Breach Impacts Personal Information of 68,000 Customers.... December 20, 2022 Cyber Security News
Video: ESG – CISO’s Guide to an Emerging Risk CornerstoneIntroducing the Cyber Security News Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone.... November 4, 2022 Cyber Security News
Attackers Can Abuse GitHub Codespaces for Malware DeliveryIntroducing the Cyber Security News Attackers Can Abuse GitHub Codespaces for Malware Delivery.... January 17, 2023 Cyber Security News
SentinelOne Announces $100 Million Venture FundIntroducing the Cyber Security News SentinelOne Announces $100 Million Venture Fund.... September 23, 2022 Cyber Security News
Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped SystemsIntroducing the Cyber Security News Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems.... August 24, 2022 Cyber Security News
NIST Releases New macOS Security Guidance for OrganizationsIntroducing the Cyber Security News NIST Releases New macOS Security Guidance for Organizations.... June 28, 2022 Cyber Security News
