
Cybercrime, Dridex uses fake UPS invoice as the ultimate bait

Technical analysis by the Malware Hunter JAMESWT

A new cybercrime malspam campaign is delivering Dridex, including in Italy. It uses an xlsm attachment that contacts a random link from an internal list of over 30 and downloads a DLL that starts the malware infection.

Dridex is hiding behind a new global malspam campaign that uses a fake UPS invoice as a decoy. The goal is to get the potential victim to open the email attachment, an xlsm file. The file contacts a random link from an internal list of over 30 and downloads a DLL that starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.

The false UPS email

The fake invoice

The links contacted to download the DLL and start the malware infection chain
