Dwelling › Virus & Threats

Person Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOS

By Ionut Arghire on January 06, 2023

Tweet

The cybercriminals behind the Dridex banking trojan have adopted a brand new tactic in latest assaults concentrating on macOS units, overwriting the sufferer’s doc recordsdata to ship their malicious code, Pattern Micro experiences.

Lively since no less than 2012 and thought of one of the prevalent monetary threats, Dridex survived a takedown try in 2015 and remained operational after receiving varied updates. In 2019, the DHS warned of steady Dridex assaults concentrating on monetary establishments.

In response to Pattern Micro, a lately noticed Dridex assault concentrating on macOS stood out due to a novel tactic employed to disguise the malicious Microsoft Phrase doc used for malware supply.

The attackers distribute a Mach-o executable file that’s designed to seek for .doc recordsdata within the present person listing and write malicious macro code to all of them – in plain hexadecimal dump, not in content material.

“Whereas the macro function in Microsoft Phrase is disabled by default, the malware will overwrite all of the doc recordsdata for the present person, together with the clear recordsdata. This makes it harder for the person to find out whether or not the file is malicious because it doesn’t come from an exterior supply,” Pattern Micro notes.

The malicious embedded doc, the cybersecurity agency explains, shouldn’t be new, being first noticed within the wild in 2015. The analyzed Mach-o file pattern was first submitted to VirusTotal in 2019.

Evaluation of the overwritten paperwork revealed the inclusion of an AutoOpen macro meant to name a number of capabilities with normal-looking names, however which had been meant to carry out nefarious actions.

In response to Pattern Micro, the payload delivered by the macro was an .exe file meant to fetch the Dridex loader. Whereas the .exe file wouldn’t run on macOS, the analyzed variant may be in testing levels and will later be transformed to completely work on macOS.

“Presently, the impression on MacOS customers for this Dridex variant is minimized because the payload is an exe file (and due to this fact not suitable with MacOS environments). Nonetheless, it nonetheless overwrites doc recordsdata which are actually the carriers of Dridex’s malicious macros. Moreover, it’s potential that the menace actors behind this variant will implement additional modifications that can make it suitable with MacOS,” Pattern Micro concludes.

Associated: Dridex Operators Develop ‘WastedLocker’ Ransomware

Associated: US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence Ties

Associated: Dridex Marketing campaign Abuses FTP Servers

Get the Each day Briefing

• Most Latest
• Most Learn

• XDR and the Age-old Drawback of Alert Fatigue
• Lots of 13 New Mac Malware Households Found in 2022 Linked to China
• SASE Firm Netskope Raises $401 Million
• Russian Turla Cyberspies Leveraged Different Hackers’ USB-Delivered Malware
• Person Paperwork Overwritten With Malicious Code in Latest Dridex Assaults on macOS
• Ransomware Hit 200 US Gov, Training and Healthcare Organizations in 2022
• Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Units to Assaults
• Rackspace Completes Investigation Into Ransomware Assault
• France Regulator Raps Apple Over App Retailer Advertisements
• Extra Political Storms for TikTok After US Authorities Ban

In search of Malware in All of the Improper Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By means of Cyber Situational Consciousness

Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice 12 months To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

The best way to Determine Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Enticing

The best way to Defend Towards DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

SecurityWeek Podcast

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.