Safe Breach Labs cybersecurity experts: The threat actor infects victims via Farsi phishing emails carrying PowerShell stealer malware.
Bitdefender: Dridex is back with a Quickbooks global campaign. More than half of the phishing emails, sent to spread the malware, originate from IP addresses in Italy
Dridex is back with a Quickbooks global campaign. It has been discovered by Bitdefender cybersecurity experts. Phishing attacks masquerading as invoices target victims in an attempt to infect their devices with the malware. The ongoing campaign began on April 19, targeting QuickBooks users from across the globe. Overall, 14% of the malicious emails reached the United States, 11% South Korea, Germany, and India, 7% the UK and France, 4% Italy, 3% Sweden, and 2% Canada, Belgium, Austria, Switzerland and the Netherlands. More than half of the spoofed emails originate from IP addresses in Italy. The perps have forged the sender header (‘[email protected]’), making it seem like the messages are genuine. To evade multiple detection tools, the threat actors vary the subject lines and sender names. The attackers also tailored the emails’ body in an attempt to sneak past anti-phishing and anti-spam mechanisms.