
Cybercrime, a fake employee termination email on Christmas spreads Dridex

A fake employee termination email on Christmas spreads Dridex. The cybersecurity researcher TheAnalyst discovered an email pretending to fire the victim on December 24th. The XLS attachment activates the malware infection chain.

A fake employee termination email is spreading a new Dridex campaign. It was discovered by the cybersecurity researcher TheAnalyst, a member of the Cryptolaemus group. The message, sent by a malware affiliate, tells the targets that their employment will cease as of December 24th and that the decision is not reversible. The email also contains a password-protected XLS file. According to Bleeping Computer, when the victim enables the content, a popup is displayed that trolls the victim with the alert: “Merry X-Mas Dear Employees!” Meanwhile, malicious macros execute, creating and launching a malicious HTA file saved to the C:\ProgramData folder. This file pretends to be an RTF file but contains malicious VBScript that downloads Dridex from Discord to infect the device. Dridex is a very dangerous banking Trojan, used in campaigns all over the world, especially courier-themed ones. Its targets are mainly, but not exclusively, companies.
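For defenders, the disguise described above (script content behind an RTF label) can be checked by comparing a file's claimed type with its actual bytes. The following Python example is added here and is not code from the researcher or from Bleeping Computer; it assumes the disguise is a `.rtf` extension, which the article does not specify, and its function names and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

RTF_MAGIC = b"{\\rtf"  # genuine RTF documents begin with this signature
# Markers of HTML Application / VBScript content (case-insensitive).
SCRIPT_MARKERS = re.compile(
    rb"<hta:application|<script[^>]*vbscript|createobject\s*\(", re.I)

def classify(path: Path, head_bytes: int = 65536) -> str:
    """Return 'rtf', 'script-disguised' or 'other' based on file content."""
    data = path.read_bytes()[:head_bytes]
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    if SCRIPT_MARKERS.search(data):
        return "script-disguised"
    return "other"

def scan(folder: Path, claimed_ext=(".rtf",)):
    """List files whose extension claims RTF but whose content is script.

    Assumption: the disguise is an .rtf extension. On a real host the
    folder to check would be C:\\ProgramData, the path named in the article.
    """
    hits = []
    for p in sorted(folder.iterdir()):
        if p.is_file() and p.suffix.lower() in claimed_ext:
            if classify(p) == "script-disguised":
                hits.append(p.name)
    return hits

def demo():
    # Constructed sample files; none of this content comes from the campaign.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notice.rtf").write_bytes(b"{\\rtf1\\ansi Real document}")
        (root / "sample.rtf").write_bytes(
            b'<html><head><hta:application id="x"/>'
            b'<script language="VBScript">MsgBox "constructed"</script>'
            b"</head></html>")
        (root / "notes.txt").write_bytes(b"plain text")
        return scan(root)

if __name__ == "__main__":
    print(demo())
```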
