
Cybercrime, Dridex conveyed with a fake DHL invoice

Technical analysis by the malware hunter JAMESWT

The Dridex malspam campaign associated with couriers is back. The fake DHL email contains an .xlsm attachment which, when opened, contacts a random link from a list within it. This downloads a DLL that infects the PC with malware.

Dridex is hiding behind a fake DHL invoice, which cybercriminals are distributing in a global malspam campaign. The email contains an .xlsm attachment which, if opened, contacts a malicious link chosen randomly from a list within it. This downloads a DLL that infects the computer with malware. Dridex is a very dangerous banking Trojan that has long been the protagonist of cybercrime campaigns all over the world. The targets are mainly companies, but not only. The texts in both cases are written in correct English, although there are no logos or visual references related to the shippers used as a decoy.

The fake DHL invoice

The internal list from which the attachment randomly chooses the link used to download the DLL and infect the machine with the malware
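For mail-gateway or analyst triage of attachments like the one described above, the following added example (not code from the original analysis) opens an .xlsm as the ZIP container it is, reports macro-bearing parts and lists embedded remote URLs. It assumes the link list is stored as readable text inside the workbook parts; an obfuscated list would need macro deobfuscation first. The function names, the benign-host filter and the sample workbook are constructed for illustration.

```python
import io
import re
import zipfile

URL_RE = re.compile(rb"https?://[^\s\"'<>\x00]+", re.IGNORECASE)
MACRO_PARTS = ("xl/vbaProject.bin", "xl/macrosheets/")
# Namespace and metadata hosts that appear in ordinary workbooks (assumed filter)
BENIGN_HOSTS = ("schemas.openxmlformats.org", "schemas.microsoft.com",
                "purl.org", "www.w3.org")


def triage_xlsm(data: bytes) -> dict:
    """Return macro-bearing parts and embedded URLs found in an OOXML workbook."""
    report = {"macro_parts": [], "urls": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith(MACRO_PARTS):
                report["macro_parts"].append(name)
            for match in URL_RE.findall(zf.read(name)):
                url = match.decode("ascii", "replace")
                if not any(host in url for host in BENIGN_HOSTS):
                    report["urls"].add(url)
    report["urls"] = sorted(report["urls"])
    # Macro content plus a list of remote links is the pattern worth escalating
    report["suspicious"] = bool(report["macro_parts"]) and len(report["urls"]) >= 2
    return report


def build_sample() -> bytes:
    """Constructed stand-in workbook; hosts use the reserved .example TLD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("xl/vbaProject.bin", b"\x00constructed-macro-stub\x00")
        zf.writestr("xl/sharedStrings.xml",
                    '<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
                    "<si><t>https://cdn-one.example/a.dll</t></si>"
                    "<si><t>https://cdn-two.example/b.dll</t></si></sst>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_xlsm(build_sample()))
```

The extracted URLs can be fed to proxy or DNS blocklists, since any one of them may be the link the attachment picks at run time.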
