User Documents Overwritten With Malicious Code in Recent Dridex Attacks on macOS By Orbit Brain January 7, 2023 0 222 viewsCyber Security News Dwelling › Virus & ThreatsPerson Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOSBy Ionut Arghire on January 06, 2023TweetThe cybercriminals behind the Dridex banking trojan have adopted a brand new tactic in latest assaults concentrating on macOS units, overwriting the sufferer’s doc recordsdata to ship their malicious code, Pattern Micro experiences.Lively since no less than 2012 and thought of one of the prevalent monetary threats, Dridex survived a takedown try in 2015 and remained operational after receiving varied updates. In 2019, the DHS warned of steady Dridex assaults concentrating on monetary establishments.In response to Pattern Micro, a lately noticed Dridex assault concentrating on macOS stood out due to a novel tactic employed to disguise the malicious Microsoft Phrase doc used for malware supply.The attackers distribute a Mach-o executable file that’s designed to seek for .doc recordsdata within the present person listing and write malicious macro code to all of them – in plain hexadecimal dump, not in content material.“Whereas the macro function in Microsoft Phrase is disabled by default, the malware will overwrite all of the doc recordsdata for the present person, together with the clear recordsdata. This makes it harder for the person to find out whether or not the file is malicious because it doesn’t come from an exterior supply,” Pattern Micro notes.The malicious embedded doc, the cybersecurity agency explains, shouldn’t be new, being first noticed within the wild in 2015. The analyzed Mach-o file pattern was first submitted to VirusTotal in 2019.Evaluation of the overwritten paperwork revealed the inclusion of an AutoOpen macro meant to name a number of capabilities with normal-looking names, however which had been meant to carry out nefarious actions.In response to Pattern Micro, the payload delivered by the macro was an .exe file meant to fetch the Dridex loader. Whereas the .exe file wouldn’t run on macOS, the analyzed variant may be in testing levels and will later be transformed to completely work on macOS.“Presently, the impression on MacOS customers for this Dridex variant is minimized because the payload is an exe file (and due to this fact not suitable with MacOS environments). Nonetheless, it nonetheless overwrites doc recordsdata which are actually the carriers of Dridex’s malicious macros. Moreover, it’s potential that the menace actors behind this variant will implement additional modifications that can make it suitable with MacOS,” Pattern Micro concludes.Associated: Dridex Operators Develop ‘WastedLocker’ RansomwareAssociated: US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence TiesAssociated: Dridex Marketing campaign Abuses FTP ServersGet the Each day Briefing Most LatestMost LearnXDR and the Age-old Drawback of Alert FatigueLots of 13 New Mac Malware Households Found in 2022 Linked to ChinaSASE Firm Netskope Raises $401 MillionRussian Turla Cyberspies Leveraged Different Hackers’ USB-Delivered MalwarePerson Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOSRansomware Hit 200 US Gov, Training and Healthcare Organizations in 2022Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Units to AssaultsRackspace Completes Investigation Into Ransomware AssaultFrance Regulator Raps Apple Over App Retailer AdvertisementsExtra Political Storms for TikTok After US Authorities BanIn search of Malware in All of the Improper Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By means of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureThe best way to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingThe best way to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseSecurityWeek Podcast delivery document Dridex macOS macro malware overwrite files Orbit Brainhttp://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
Updated TSA Pipeline Cybersecurity Requirements Offer More FlexibilityIntroducing the Cyber Security News Updated TSA Pipeline Cybersecurity Requirements Offer More Flexibility.... July 25, 2022 Cyber Security News
Video: ESG – CISO’s Guide to an Emerging Risk CornerstoneIntroducing the Cyber Security News Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone.... November 4, 2022 Cyber Security News
Bishop Fox Adds $46 Million to Series B Funding RoundIntroducing the Cyber Security News Bishop Fox Adds $46 Million to Series B Funding Round.... November 15, 2022 Cyber Security News
Jit Banks Massive $38.5 Million Seed Round FundingIntroducing the Cyber Security News Jit Banks Massive $38.5 Million Seed Round Funding.... June 16, 2022 Cyber Security News
No Cyberattacks Affected US Vote Counting, Officials SayIntroducing the Cyber Security News No Cyberattacks Affected US Vote Counting, Officials Say.... November 10, 2022 Cyber Security News
French Hospital Diverts Patients Following CyberattackIntroducing the Cyber Security News French Hospital Diverts Patients Following Cyberattack.... August 24, 2022 Cyber Security News