Technical analysis by the Malware Hunter JAMESWT
A scam within a scam distributes Dridex. The xlsb attachment on how to protect yourself on Black Friday and Cyber Monday contacts a random link from an internal list and downloads the DLL, starting the malware infection.
A scam within a scam delivers the latest global Dridex campaign. In the past few hours, the e-mail “Don’t Fall for This Holiday Survey Fraud” has been circulating; it warns of cybercrime attempts to steal money from users during Black Friday and Cyber Monday online shopping.
The xlsb attachment should, in theory, contain tips on how to protect yourself. In reality, it contacts a random URL from an internal list and downloads the DLL, which starts the malware infection.
Dridex is a very dangerous banking Trojan that has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.
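A detection sketch for the chain described above (lure e-mail with an xlsb attachment, then Excel downloading a DLL), added here as an example and not taken from the analysis. The log column layout, the 24-hour window, the user names, URLs and all sample records are constructed assumptions; only the subject line comes from this page.

```python
from datetime import datetime, timedelta

LURE_SUBJECT = "don't fall for this holiday survey fraud"  # subject reported on this page

# Constructed sample records; column layout is hypothetical, map it to your own logs.
MAIL_LOG = [  # (delivery time, recipient, subject, attachment name)
    ("2024-01-01T09:00", "alice", "Don\u2019t Fall for This Holiday Survey Fraud", "tips.xlsb"),
    ("2024-01-01T09:05", "bob", "Q4 numbers", "q4.xlsb"),
    ("2024-01-01T09:10", "carol", "Don't Fall for This Holiday Survey Fraud", "tips.xlsb"),
]
PROXY_LOG = [  # (request time, user, requesting process, URL, first bytes of response)
    ("2024-01-01T09:20", "alice", "EXCEL.EXE", "https://a.example/x.dll", b"MZ\x90\x00"),
    ("2024-01-04T09:20", "alice", "EXCEL.EXE", "https://b.example/y.dll", b"MZ\x90\x00"),
    ("2024-01-01T09:30", "bob", "EXCEL.EXE", "https://c.example/z.dll", b"MZ\x90\x00"),
    ("2024-01-01T09:40", "carol", "chrome.exe", "https://d.example/setup.exe", b"MZ\x90\x00"),
    ("2024-01-01T09:45", "carol", "EXCEL.EXE", "https://e.example/data.json", b'{"a"'),
]

def norm(text):
    """Fold case and curly apostrophes so subject variants compare equal."""
    return text.replace("\u2019", "'").strip().casefold()

def lure_recipients(mail_log):
    """Return {recipient: earliest delivery time} for lure mails carrying an .xlsb."""
    hits = {}
    for when, rcpt, subject, attachment in mail_log:
        if norm(subject) == LURE_SUBJECT and attachment.lower().endswith(".xlsb"):
            t = datetime.fromisoformat(when)
            hits[rcpt] = min(t, hits.get(rcpt, t))
    return hits

def suspicious_downloads(mail_log, proxy_log, window=timedelta(hours=24)):
    """Flag PE downloads (MZ header) made by Excel for a lure recipient inside the window."""
    delivered = lure_recipients(mail_log)
    alerts = []
    for when, user, process, url, head in proxy_log:
        start = delivered.get(user)
        if start is None:
            continue
        t = datetime.fromisoformat(when)
        if start <= t <= start + window and process.lower() == "excel.exe" and head[:2] == b"MZ":
            alerts.append((user, url))
    return alerts

if __name__ == "__main__":
    for user, url in suspicious_downloads(MAIL_LOG, PROXY_LOG):
        print(f"ALERT {user}: Excel fetched a PE file from {url}")
```

Excel fetching a PE file is worth alerting on by itself; the correlation with the lure delivery is what ties an alert to this campaign and identifies which recipients opened the attachment.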