User Documents Overwritten With Malicious Code in Recent Dridex Attacks on macOS By Orbit Brain January 7, 2023 0 225 views Cyber Security News Dwelling › Virus & ThreatsPerson Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOSBy Ionut Arghire on January 06, 2023TweetThe cybercriminals behind the Dridex banking trojan have adopted a brand new tactic in latest assaults concentrating on macOS units, overwriting the sufferer’s doc recordsdata to ship their malicious code, Pattern Micro experiences.Lively since no less than 2012 and thought of one of the prevalent monetary threats, Dridex survived a takedown try in 2015 and remained operational after receiving varied updates. In 2019, the DHS warned of steady Dridex assaults concentrating on monetary establishments.In response to Pattern Micro, a lately noticed Dridex assault concentrating on macOS stood out due to a novel tactic employed to disguise the malicious Microsoft Phrase doc used for malware supply.The attackers distribute a Mach-o executable file that’s designed to seek for .doc recordsdata within the present person listing and write malicious macro code to all of them – in plain hexadecimal dump, not in content material.“Whereas the macro function in Microsoft Phrase is disabled by default, the malware will overwrite all of the doc recordsdata for the present person, together with the clear recordsdata. This makes it harder for the person to find out whether or not the file is malicious because it doesn’t come from an exterior supply,” Pattern Micro notes.The malicious embedded doc, the cybersecurity agency explains, shouldn’t be new, being first noticed within the wild in 2015. The analyzed Mach-o file pattern was first submitted to VirusTotal in 2019.Evaluation of the overwritten paperwork revealed the inclusion of an AutoOpen macro meant to name a number of capabilities with normal-looking names, however which had been meant to carry out nefarious actions.In response to Pattern Micro, the payload delivered by the macro was an .exe file meant to fetch the Dridex loader. Whereas the .exe file wouldn’t run on macOS, the analyzed variant may be in testing levels and will later be transformed to completely work on macOS.“Presently, the impression on MacOS customers for this Dridex variant is minimized because the payload is an exe file (and due to this fact not suitable with MacOS environments). Nonetheless, it nonetheless overwrites doc recordsdata which are actually the carriers of Dridex’s malicious macros. Moreover, it’s potential that the menace actors behind this variant will implement additional modifications that can make it suitable with MacOS,” Pattern Micro concludes.Associated: Dridex Operators Develop ‘WastedLocker’ RansomwareAssociated: US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence TiesAssociated: Dridex Marketing campaign Abuses FTP ServersGet the Each day Briefing Most LatestMost LearnXDR and the Age-old Drawback of Alert FatigueLots of 13 New Mac Malware Households Found in 2022 Linked to ChinaSASE Firm Netskope Raises $401 MillionRussian Turla Cyberspies Leveraged Different Hackers’ USB-Delivered MalwarePerson Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOSRansomware Hit 200 US Gov, Training and Healthcare Organizations in 2022Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Units to AssaultsRackspace Completes Investigation Into Ransomware AssaultFrance Regulator Raps Apple Over App Retailer AdvertisementsExtra Political Storms for TikTok After US Authorities BanIn search of Malware in All of the Improper Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By means of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureThe best way to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingThe best way to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseSecurityWeek Podcast delivery document Dridex macOS macro malware overwrite files Orbit Brainhttp://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
Critical Vulnerability in Google’s Titan M Chip Earns Researchers $75,000Introducing the Cyber Security News Critical Vulnerability in Google’s Titan M Chip Earns Researchers $75,000.... August 16, 2022 Cyber Security News
RealDefense Raises $30 Million to Acquire More Privacy, Cybersecurity FirmsIntroducing the Cyber Security News RealDefense Raises $30 Million to Acquire More Privacy, Cybersecurity Firms.... October 5, 2022 Cyber Security News
Intel Introduces Protection Against Physical Fault Injection AttacksIntroducing the Cyber Security News Intel Introduces Protection Against Physical Fault Injection Attacks.... August 12, 2022 Cyber Security News
CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by MalwareIntroducing the Cyber Security News CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware.... October 21, 2022 Cyber Security News
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm DomainsIntroducing the Cyber Security News North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains.... December 28, 2022 Cyber Security News
As Wiretap Claims Rattle Government, Greece Bans SpywareIntroducing the Cyber Security News As Wiretap Claims Rattle Government, Greece Bans Spyware.... December 12, 2022 Cyber Security News