Cybercrime, Dridex returns to using Intuit and invoices as bait

Technical analysis by the Malware Hunter JAMESW

New Dridex global malspam campaign themed Intuit and invoices. The attachment, a .doc file, contacts a random link from an internal list of eight and downloads a DLL, which starts the malware infection

Dridex returns to using Intuit and invoices as bait to spread in a global malspam campaign. In the last few hours, fake emails spoofing the sender have arrived with a .doc attachment. When opened, the document contacts a random link from an internal list of eight and downloads a DLL, which starts the malware infection chain. The company's brand had already been abused in October for a similar campaign, which however was based on .xls attachments. Dridex is a very dangerous banking Trojan used by cybercriminals, which has long been the protagonist of campaigns all over the world, especially courier-themed ones. The targets are mainly companies, but not only.
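The infection chain described above (an Office document that fetches a DLL from one of several URLs) leaves a simple footprint on the endpoint: an Office process making a web request for a .dll. The script below is an added example, not code from the article or from any analysis of this campaign; it runs a detection over constructed endpoint network log lines in an assumed format (timestamp, host, process, method, URL, status). The hostnames, URLs and processes in the sample are made up, and the "multiple distinct DLL URLs from one host" heuristic is an assumption of the example rather than behaviour the article documents.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Office processes that should not normally be fetching DLLs from the web.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample lines in an assumed format:
# "<timestamp> <host> <process> <method> <url> <http-status>"
SAMPLE_LOG = """\
2021-11-30T09:12:01Z ws-01 WINWORD.EXE GET http://example.invalid/invoice/file1.dll 200
2021-11-30T09:12:03Z ws-01 WINWORD.EXE GET http://example.invalid/cdn/style.css 200
2021-11-30T09:15:44Z ws-02 chrome.exe GET http://example.invalid/setup/update.dll 200
2021-11-30T09:20:10Z ws-03 excel.exe GET http://example.invalid/report/run.dll 404
2021-11-30T09:21:00Z ws-03 excel.exe GET http://example.invalid/report/alt.dll 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, proc, method, url, status = m.groups()
    return {"ts": ts, "host": host, "process": proc.lower(),
            "method": method, "url": url, "status": int(status)}


def office_dll_downloads(log_text):
    """Events where an Office process requested a URL whose path ends in .dll.
    Failed attempts (non-2xx) are kept: the attempt itself is the signal."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["process"] not in OFFICE_PROCESSES:
            continue
        if urlparse(ev["url"]).path.lower().endswith(".dll"):
            hits.append(ev)
    return hits


def hosts_with_multiple_attempts(events):
    """Hosts whose Office process tried more than one distinct DLL URL.
    Assumption (not stated in the article): a document that picks from a list
    of download links may try another when one fails, so several distinct DLL
    URLs from one host are a stronger indicator than a single request."""
    by_host = defaultdict(set)
    for ev in events:
        by_host[ev["host"]].add(ev["url"])
    return sorted(h for h, urls in by_host.items() if len(urls) > 1)


if __name__ == "__main__":
    found = office_dll_downloads(SAMPLE_LOG)
    for ev in found:
        print(f"{ev['ts']} {ev['host']} {ev['process']} -> {ev['url']} ({ev['status']})")
    print("hosts with multiple DLL attempts:", hosts_with_multiple_attempts(found))
```

On the sample, the browser download on ws-02 is ignored because the process is not an Office binary, while ws-01 and ws-03 are flagged; ws-03 is additionally reported for trying two distinct DLL URLs. In a real deployment the parser would be replaced by the field extraction of whatever proxy or EDR telemetry is available, and the process allow-list tuned to the environment.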

The false Intuit email

The fake invoice

The list of eight links that download the DLL
