BACKGROUND
Dridex, also known as Bugat and Cridex, is banking malware that steals sensitive data from infected machines and can also deliver and execute malicious modules. It previously targeted Windows computers and is now targeting Macs, spreading through email attachments that look like regular documents.
MODUS OPERANDI
A malicious document will run automatically once a user opens it. It then overwrites all the Microsoft Word files on the user's infected computer and contacts a remote server to download more files, including a Windows executable file (.exe) that runs the Dridex malware. This file can't run on macOS, but the infected user could unknowingly infect others when they share the files.
IMPACT
- Exposure of banking and personal information
- User's macOS machine being used to spread malware
RECOMMENDATIONS
- Don't open email attachments if you are unsure of their origin. Identify the sender by checking the sender’s email address and name.
- Use a robust anti-malware program that is updated regularly.
- Download files only from trusted sources.
- Keep your applications and operating system up to date.
- Educate others on how to identify malicious emails.