In early June 2019, independent security expert Brad Duncan discovered a new version of Dridex, which used Application Whitelisting to block or disable Windows Script Host elements. In fact, this means that the abuse of WMI (WMIC) allows Malvare to use XLS scripts and bypass the defense mechanisms.
“Of note, the Dridex DLL files are 64-bit DLLs using file names that are loaded by legitimate Microsoft Windows system EXEs. These file paths, file names, and associated SHA256 hashes change every time the victim logs onto the infected Windows host”, — reported Brad Duncan.
Now a more detailed report on the new version of the Trojan was released by experts of the company eSentire. Researchers write that initially, when a sample was loaded onto VirusTotal, only 6 out of 60 protective solutions “detected” malware in Dridex. As of July 2, 2019, the number of detections increased to 46 out of 60.
Analysts at eSentire write that a new variation of Dridex is distributed through spam emails with malicious attachments. These documents contain malicious macros, which can be triggered by various interactions with the victim (it all depends on the specific system environment).
“The malware targets banking information on the victim system. Over the last decade, Dridex underwent a series of feature augmentation, including a transition to XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption”, — reported eSentire specialists.
Experts warn that many antivirus solutions may detect suspicious behavior of Dridex, but will not be able accurately determine the problem. Given the constant changes that occur in the Trojan infrastructure, signature-based antivirus software may be useless against Dridex.
Given email as the initial access point, employees are the first line of defense against this threat. Expect financial departments to be targeted by unsolicited invoices carrying malicious macros within.
About News-bfopeci.info News-bfopeci.info pop-ups can not open out of nowhere. If you have clicked on…
About News-bfugaho.info News-bfugaho.info pop-ups can not introduce out of the blue. If you have clicked…
About News-bganise.info News-bganise.info pop-ups can not launch out of the blue. If you have actually…
About News-xhijupa.com News-xhijupa.com pop-ups can not introduce out of the blue. If you have clicked…
About News-xnicini.cc News-xnicini.cc pop-ups can not open out of the blue. If you have clicked…
About News-xpafema.cc News-xpafema.cc pop-ups can not launch out of nowhere. If you have clicked on…