Banking malware Dridex has come back to life, according to security researchers. The malware, which is known to exploit Microsoft Office programs to infect financial systems, was taken down by the FBI in late 2015. However, despite both the FBI and UK's National Crime Agency's (NCA) joint efforts to shut down the malware, recent email spam activities indicate that the malware is indeed back at work.
Security firm Trend Micro revealed that it has noted a spike in Dridex-related email spam activity in various countries, including the US, Brazil, China, Germany and Japan. The firm pointed out that 60% of the cyberattacks were targeted toward the US. Trend Micro also highlighted that the malware's new campaign indicates that, while it remained inactive, Dridex evolved.
"There are significant differences from this particular DRIDEX campaign as opposed to its previous waves," Trend Micro researchers said. "Instead of the usual fake invoice or notification baits, DRIDEX plays on people's fears of having their accounts compromised." In other words, cybercriminals have designed a new campaign which, ironically, lures in victims by capitalising on their fear of being hacked.
"This kind of attack, which works on certain kinds of people better than others, attempts to get users to open the email and click on any link by using fear tactics. Even worse, now it's able to use the command-line program Certutil, which allows DRIDEX to pass itself off as a legitimate certificate. In other words, to unwary eyes, the email will look real," Trend Micro warns.
Citing a report by Dark Reading, the firm highlighted that the newly uncovered spam email campaign is not the first sighting of the Dridex malware in 2016. This indicates that the malware may have either changed hands or code leaks may have enabled other threat actors to get their hands on it.
Trend Micro security researchers advised that users exercise caution when faced with new and unfamiliar emails and remain wary of email scams. "When old strains of malware become a new threat, it's crucial to make sure your computer systems are protected. In addition, it's best practice to avoid clicking on links in emails that come from unknown entities," the firm said.