The cybersecurity researcher Will Bushido discovered a cyber espionage campaign aimed to steal credential from at least 15 companies worldwide.
Technical analysis by the Malware Hunter JAMESWT
Dridex is conveyed by false MSC invoices. The xlsm attachment contacts a random link from an internal list and downloads the malware, a Trojan protagonist of campaigns especially with a courier theme
False invoices from the “Mediterranean Shipping Company” (MSC) convey a new Dridex global campaign. The emails, detected by coacaman, contain an xlsm attachment.
These, if opened, contact a random link from an internal list and download the DLL, which starts the malware infection chain.
Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.