Malware Focus: Dridex


Dridex is a form of malware, spread through email, whose main goal is stealing banking credentials. It arrives as a Microsoft Word or Excel attachment that carries a malicious macro; once the user opens the document and allows the macro to run, the infection of the computer begins. Dridex then relies on web injection: by injecting malicious code into the website the user is currently visiting, it is able to intercept the credentials the user enters there. The results can include loss of information, system compromise and denial of service (DoS). Only users of Windows computers are affected; users of Mac OS, Chrome OS or mobile devices are not vulnerable.

Prevention

  • Disable macros
  • Keep your anti-virus up-to-date and regularly scan devices
  • Keep all software patched and up-to-date
  • Delete suspicious, unsolicited emails
  • Use two-factor authentication on websites where possible
  • Educate your end users about the possible threat
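The first item, disabling macros, is the one that stops a Dridex document before it can do anything. The following PowerShell audit is an added example, not part of the MOREnet advisory: it reads the Office Trust Center macro setting (the registry value VBAWarnings) for each Office application, flags the weak "enable all" value, and shows the hardened value beside it. The list of Office versions and applications it checks is an assumption about what is installed; the registry paths and values are the ones Microsoft documents.

```powershell
# Added audit script, not part of the MOREnet advisory. It reads the Office Trust Center
# macro setting (registry value VBAWarnings) per application and flags the weak value that
# lets a Dridex-style document run its macro without asking. Documented values:
# 1 = enable all (weak), 2 = disable with notification (default), 3 = signed only, 4 = disable all.
# A value under HKCU\Software\Policies (Group Policy) overrides the user's Trust Center choice.
$Versions = @('16.0', '15.0', '14.0')          # Office 2016/2019/365, 2013, 2010 (assumed set)
$Apps     = @('Word', 'Excel', 'PowerPoint')   # Dridex lures arrive as Word/Excel documents
$Meaning  = @{ 1 = 'Enable all macros (WEAK)'; 2 = 'Disable with notification (Enable Content button)'
               3 = 'Disable except digitally signed';  4 = 'Disable all without notification (recommended)' }

function Get-MacroSetting {
    param([string]$Version, [string]$App)
    $policy = "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
    $user   = "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    foreach ($path in @($policy, $user)) {
        $item = Get-ItemProperty -Path $path -Name VBAWarnings -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        # The policy key also carries the "block macros in files from the Internet" switch.
        $motw = (Get-ItemProperty -Path $policy -Name blockcontentexecutionfrominternet `
                 -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        return [pscustomobject]@{
            App = $App; Version = $Version
            Source  = if ($path -eq $policy) { 'Policy' } else { 'User' }
            Value   = [int]$item.VBAWarnings
            Meaning = $Meaning[[int]$item.VBAWarnings]
            BlocksInternetMacros = ($motw -eq 1)
        }
    }
    return $null   # no key: that Office version is absent, or the default (2) was never written
}

# Report every Office app found; any row showing Value 1 is the one to fix first.
$report = foreach ($v in $Versions) { foreach ($a in $Apps) { Get-MacroSetting -Version $v -App $a } }
$report | Format-Table -AutoSize

# Hardened setting, written as a local policy value (Group Policy is preferable at scale).
# Supports -WhatIf so the change can be previewed before it is applied.
function Set-MacrosDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Version = '16.0', [string]$App = 'Word')
    $policy = "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
    if ($PSCmdlet.ShouldProcess("$App $Version", 'Set VBAWarnings=4, block Internet macros')) {
        New-Item -Path $policy -Force | Out-Null
        Set-ItemProperty -Path $policy -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $policy -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}
```

Run the script as the affected user to see the report; `Set-MacrosDisabled -App Excel -WhatIf` previews the hardened change for one application without writing it.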

Characteristics

  • If you enable the macro, you will most likely see a few lines of unreadable data. This will appear to make little sense and may lead you to think the file is corrupt, but in the background the malware is infecting your device, installing a keystroke logger and web injections. Your device may then be used to assist with denial of service attacks and to send spam.

Infected?

  • Change your online banking credentials (using a different device)
  • Contact your bank to alert them
  • Change any other online credentials you may have used on the infected device
  • Remove the infection before reconnecting the device to the Internet and/or network

Other banking Trojans:

Resources