Reversing Labs cybersecurity experts: Whoever opens the malicious Word attachment is required to make multiple additional clicks to activate the embedded malware.
Cybercrime, Dridex campaign via fake Office Depot receipt
Technical analysis by the Malware Hunter JAMESWT
The latest Dridex campaign is delivered via a fake Office Depot receipt. The XLS attachment in the email contacts a random URL from an internal list and downloads the DLL, which starts the malware infection.
A fake Office Depot purchase receipt is the lure for the latest global Dridex campaign.
If opened, the XLS attachment in the email contacts a random URL from an internal list and downloads the DLL, which starts the malware infection. The campaign in this case is generic and does not specifically target our country: there are no IP checks or blacklists. Dridex is a very dangerous banking Trojan used by cybercrime that has long been the protagonist of campaigns all over the world, especially ones with a courier theme. The targets are mainly companies, but not only.