BleepingComputer cybersecurity experts: Threat actors exploit CVE-2021-20038 to execute code as the 'nobody' user on compromised appliances.
Technical analysis by the Malware Hunter JAMESWT
Dridex global campaign via xlsm and Cutwail. A fake xlsm invoice, distributed by the botnet, contacts a random link from an internal list and downloads the DLL that starts the malware infection.
Dridex uses a fake xlsm invoice to spread itself in a global malspam campaign.
If the file is opened, it contacts a random link from an internal list and downloads the DLL, which starts the malware infection chain.
Furthermore, as cybersecurity researcher moto_sato discovered, the malicious documents are distributed by the Cutwail botnet. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long been the protagonist of campaigns all over the world, especially ones with a courier theme. The targets are mainly companies, though not exclusively.