User Documents Overwritten With Malicious Code in Recent Dridex Attacks on macOS
By Orbit Brain, January 7, 2023
Originally by Ionut Arghire on January 06, 2023

The cybercriminals behind the Dridex banking trojan have adopted a new tactic in recent attacks targeting macOS devices, overwriting the victim's document files to deliver their malicious code, Trend Micro reports.

Active since at least 2012 and considered one of the most prevalent financial threats, Dridex survived a takedown attempt in 2015 and remained operational after receiving various updates. In 2019, the DHS warned of continuous Dridex attacks targeting financial institutions.

According to Trend Micro, a recently observed Dridex attack targeting macOS stood out because of a novel tactic employed to disguise the malicious Microsoft Word document used for malware delivery.

The attackers distribute a Mach-O executable file that is designed to search for .doc files in the current user directory and write malicious macro code to all of them, in plain hexadecimal dump form rather than as document content.

"While the macro feature in Microsoft Word is disabled by default, the malware will overwrite all the document files for the current user, including the clean files. This makes it more difficult for the user to determine whether the file is malicious since it doesn't come from an external source," Trend Micro notes.

The malicious embedded document, the cybersecurity firm explains, is not new, having first been observed in the wild in 2015. The analyzed Mach-O file sample was first submitted to VirusTotal in 2019.

Analysis of the overwritten documents revealed the inclusion of an AutoOpen macro meant to call several functions with normal-looking names, but which were intended to perform nefarious actions.

According to Trend Micro, the payload delivered by the macro was an .exe file meant to fetch the Dridex loader. While the .exe file would not run on macOS, the analyzed variant may be in testing stages and could later be converted to fully work on macOS.

"Currently, the impact on MacOS users for this Dridex variant is minimized since the payload is an exe file (and therefore not compatible with MacOS environments). However, it still overwrites document files that are now the carriers of Dridex's malicious macros. Furthermore, it is possible that the threat actors behind this variant will implement further modifications that will make it compatible with MacOS," Trend Micro concludes.
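As an added defender-side example (not from the article or from Trend Micro's report), the following Python triage script walks a directory for .doc files whose body is ASCII hex text instead of a Word binary, the overwrite condition the article describes, and flags any that decode to an OLE container or carry an AutoOpen macro. The exact on-disk layout of the overwritten files and the indicator names are assumptions.

```python
"""Triage .doc files for the hex-dump overwrite described in the article."""
import binascii
import re
from pathlib import Path

# Magic bytes of a legitimate Word binary (OLE Compound File) and of OOXML (zip).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
ZIP_MAGIC = b"PK\x03\x04"
# Assumption: an overwritten file body is nothing but hex digits and whitespace.
HEX_BODY = re.compile(rb"\A[0-9A-Fa-f\s]+\Z")


def classify_doc(data: bytes) -> str:
    """Return 'ole', 'ooxml', 'hexdump' or 'unknown' for a .doc file body."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data and HEX_BODY.match(data):
        return "hexdump"  # a .doc that is really ASCII hex is not a Word file
    return "unknown"


def decode_hexdump(data: bytes) -> bytes:
    """Strip whitespace and decode the ASCII hex; empty result on malformed input."""
    try:
        return binascii.unhexlify(re.sub(rb"\s+", b"", data))
    except binascii.Error:
        return b""


def suspicious_indicators(data: bytes) -> list:
    """Indicators (constructed names) worth alerting on for one file body."""
    found = []
    if classify_doc(data) == "hexdump":
        found.append("body-is-hexdump")
        decoded = decode_hexdump(data)
        if decoded.startswith(OLE_MAGIC):
            found.append("hex-decodes-to-ole")
        if b"AutoOpen" in decoded:
            found.append("autoopen-macro")
    return found


def scan_tree(root: Path) -> dict:
    """Map each flagged .doc under root to its indicators; clean files are omitted."""
    return {str(p): inds for p in root.rglob("*.doc")
            if (inds := suspicious_indicators(p.read_bytes()))}


if __name__ == "__main__":
    # Constructed sample: OLE header plus an AutoOpen stub, emitted as hex text.
    sample = binascii.hexlify(OLE_MAGIC + b"\x00" * 8 + b"Sub AutoOpen()")
    print(suspicious_indicators(sample))  # three indicators expected
```

Running `scan_tree(Path.home())` on a macOS user directory reports only the files that match the overwrite pattern; a normal binary or OOXML .doc produces no indicators.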