Dridex (Banking Trojan) – Malware

Name: Dridex
Additional Names: Bugat and Cridex
Type of Malware: Banking Trojan, Botnet
Location – Country of Origin: Russia
Date of initial activity: 2014
Associated Groups: TA505, Indrik Spider
Motivation: Stealing online account credentials to gain access to their financial assets
Attack Vectors: Spam campaigns and Exploit Kits
Targeted System: Windows, iOS

Overview

Dridex is a banking Trojan turned botnet that targets the Windows platform. It is delivered by spam campaigns and exploit kits and relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system, and can also download and execute additional modules for remote control. The Dridex malware has undergone numerous updates over the past 10 years. The Russia-based group Evil Corp is allegedly responsible for Dridex.

Targets

Financial institutions and their customers, mostly from English-speaking countries.

Tools/Techniques Used

Dridex was created from the source code of the Bugat banking Trojan (also known as Cridex). Cybercriminals often spread Dridex through phishing campaigns. The fraudulent emails, which may appear to come from an official and reputable source, prompt victims to click on embedded links or to open attached Microsoft Word or Excel files. Opening one of these files triggers an embedded, malicious macro, which initiates a download of Dridex. From there, the malware installs a keylogger, which monitors and records each keystroke typed on a computer’s keyboard. This enables the attackers to see and steal login and password information, including online banking credentials. The malware then packages and encrypts stolen data before transmitting it through peer-to-peer networks in XML or binary, depending on the version. Dridex has a range of other capabilities as well. It can also enable injection attacks, initiating additional malware downloads that let operators execute remote commands or inject code into specific programs. And recently, Dridex has started delivering ransomware. Dridex is hard to detect, as it can often bypass antivirus detection controls.
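Because the delivery step described above depends on a macro embedded in a Word or Excel attachment, a mail or file gateway can triage attachments by checking whether they carry a VBA project at all. The following is an added example, not code from the original page: the function names and the sample packages are constructed for illustration, and it relies on the fact that OOXML files are ZIP packages that store macros in a part named vbaProject.bin.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header

def classify_office_attachment(data: bytes) -> str:
    """Triage an attachment: does it carry (or possibly carry) a VBA macro project?"""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold macros; deciding needs a full OLE parser.
        return "ole-legacy"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    try:
        with zipfile.ZipFile(buf) as zf:
            names = {n.lower(): n for n in zf.namelist()}
            if "[content_types].xml" not in names:
                return "not-office"  # a zip, but not an OOXML package
            types = zf.read(names["[content_types].xml"]).decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return "malformed"
    has_vba_part = any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names)
    declares_macro = "macroenabled" in types or "vbaproject" in types
    return "ooxml-macro" if has_vba_part or declares_macro else "ooxml-clean"

def build_sample(parts: dict) -> bytes:
    """Build a constructed OOXML-like package in memory (test data only)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return out.getvalue()

# Constructed samples: minimal packages, not real documents.
CLEAN = build_sample({
    "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" '
    'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>',
    "word/document.xml": "<w:document/>",
})
MACRO = build_sample({
    "[Content_Types].xml": '<Types><Default Extension="bin" '
    'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\x00constructed placeholder, not VBA\x00",
})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("macro", MACRO), ("ole", OLE_MAGIC + b"\0" * 8), ("text", b"hello")]:
        print(label, "->", classify_office_attachment(blob))
```

A result of "ooxml-macro" or "ole-legacy" only means the file can run macros and deserves deeper inspection or quarantine; it does not by itself identify Dridex.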

Impact / Significant Attacks

By December 2019, the US Treasury estimated Dridex had infected computers in hundreds of banks and financial institutions in over 40 countries, leading to more than $100 million in theft. In 2020, Dridex affected 3%-4% of organizations worldwide.
