Dridex banking Trojan

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators’ connections to the Russia-based Evil Corp group. The findings suggest that “Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks,” IBM Security X-Force researcher Kevin Henson […]

NEW YEAR, NEW LOOK – DRIDEX VIA COMPROMISED FTP

Forcepoint Security Labs have recently observed a peculiar email campaign distributing a variant of the Dridex banking trojan. The campaign used compromised FTP sites instead of the more usual HTTP link as download locations for malicious documents, exposing the credentials of the compromised FTP sites in the process. The malicious emails were distributed just before 12:00 UTC […]

MICROSOFT PATCHES THREE VULNERABILITIES UNDER ATTACK

Microsoft today patched a zero-day Word vulnerability that has been publicly attacked along with deploying fixes for Internet Explorer, Microsoft Edge and Windows 10. In all, nine Microsoft products received updates totaling 45 unique CVEs. Three of the vulnerabilities among Tuesday’s updates, according to Microsoft, are under active attack. One of the bugs (CVE-2017-0199) […]

DRIDEX TROJAN GETS A MAJOR ‘ATOMBOMBING’ UPDATE

The Dridex banking Trojan has been updated and now sports a new injection method for evading detection based on the technique known as AtomBombing. Researchers with IBM X-Force identified the new Dridex v4 sample earlier this month and said it is already in use in active campaigns against U.K. banks. They said it’s only a matter […]

Down but Not Out! Dridex Begins Targeting Crypto-Currency Wallets

The Dridex banking trojan might be involved in fewer attack campaigns, but its developers are still outfitting it with some new functionalities, including the ability to target crypto-currency wallets. Nicholas Griffin, senior security researcher at Forcepoint, explains Dridex relies on two lists to target users’ banking credentials: “These lists have gradually expanded over the months […]

Necurs Botnet Goes Down, Shutting Off Dridex and Locky Spam

All Necurs activity stopped on June 1 and has been down ever since. The Necurs botnet, the largest malware distribution botnet known today, seems to be facing some technical problems, and the direct consequence of this downtime is a huge dip in Dridex and Locky distribution numbers. Necurs is the collective network of computers infected with the Necurs rootkit. […]

DRIDEX Spam Runs Resurface Against US Targets

DRIDEX is steadily regaining its footing in the US just over a month after its takedown orchestrated by US and UK law enforcement agencies. Taking down servers is a significant step in crippling botnets, but unless all infrastructure is destroyed and all threat actors are caught, threats like DRIDEX are bound to resurface. As such, it […]