skip to Main Content

Cybercrime, the invoice-themed Dridex campaign is back

Technical analysis by the Malware Hunter JAMESWT

Cybercrime returns the invoice-themed Dridex campaign. The xlsm attachment, distributed by the Cutwail botnet, contacts a random link from an internal list and downloads the malware

New global Dridex invoice-themed campaign. The lure is always C.H. Robinson. The email contains an xlsm attachment.

This, if opened, contacts a random link from an internal list and downloads the DLL, which starts the malware infection chain.

Moreover, malicious Excel documents continue to be distributed by the Cutwail botnet, as the cybersecurity researcher moto_sato discovered in relation to identical campaigns spread in recent weeks. Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.

Back To Top