
Cybercrime: Dridex is back with fake Intuit QuickBooks invoices

Technical analysis by the Malware Hunter JAMESWT

Dridex returns with an Intuit (QuickBooks) themed campaign. The email contains a link that downloads a .doc document. If opened, the document contacts a link that downloads a DLL, which infects the PC with malware.

Dridex has returned to using Intuit (QuickBooks) as a lure in its global campaign. In recent hours, a series of fake-invoice emails has been circulating, but without attachments. Instead, the text contains a link that, if opened, downloads a .doc document. Once opened, the document downloads a DLL that infects the victim’s computer with malware. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.

The fake Intuit QuickBooks mail

The .doc document that contacts a link and downloads the DLL

 
