Safe Breach Labs cybersecurity experts: The threat actor infects victims via Farsi phishing emails with a PowerShell stealer malware.
Technical analysis by the Malware Hunter JAMESWT
Cybercrime: the Dridex campaign via Quickbooks is back. The xls attachment of the email, which has also arrived in Italy, randomly contacts a link from an internal list and downloads the DLL, starting the malware infection.
Dridex is once again hiding behind a fake Quickbooks email, which has also arrived in Italy.
The xls attachment randomly contacts a URL from an internal list and downloads the DLL, which starts the malware infection. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, though not exclusively, companies.