
Cybercrime: here comes the Intuit-themed Dridex campaign

Technical analysis by the Malware Hunter JAMESWT

After DHL, Intuit is also being used by cybercrime in its global Dridex campaign. The mechanism is the same as in the courier-themed one: the attachment contacts a link chosen at random from a list embedded within it, downloads a DLL and infects the PC with the malware.

After DHL, Intuit is also being used by cybercrime to spread Dridex globally. The bait is the usual fake invoice with an .xlsm attachment which, if opened, contacts a malicious link chosen at random from a list embedded within it. This then downloads a DLL, which infects the computer with the malware. Dridex is a very dangerous banking Trojan used by cybercrime that has long been behind campaigns all over the world, especially courier-themed ones. The targets are mainly companies, but not exclusively.

The email trap

The fake Intuit invoice

The internal list from which the attachment randomly chooses the link used to download the DLL and infect the machine with the malware
