Experts warn of a new variant of the Dridex banking malware that is targeting systems using the macOS operating system.
The Dridex banking Trojan has been around since 2014; it has been used in numerous campaigns against financial institutions over the years, and its operators have continuously improved it. The banking malware is believed to be operated by the cybercrime gang known as Evil Corp.
The sample analyzed by Trend Micro arrived in the form of a Mach-O executable file: a.out (detected as Trojan.MacOS.DRIDEX.MANP).
The earliest sample analyzed by Trend Micro was submitted to VirusTotal in April 2019, while the most recent one is dated December 2022.
“The data segment of the sample contains the malicious embedded document and is used by the _payload_doc variable. The disassembly shows that the malware performs a loop where the content of _payload_doc is copied until the counter reaches _payload_doc_len, the size of the malicious code.” reads the analysis published by Trend Micro. “Once the malicious code is ready, the cstring segment plays a role in overwriting the code to the target files.”
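The behaviour described above, a document carried in the data segment of a Mach-O executable and copied out at runtime, can be checked for during triage without executing the sample. The following Python scanner is an added example and is not code from the Trend Micro analysis: it walks the load commands of a 64-bit little-endian Mach-O, locates the `__DATA` segment(s), and looks for well-known document file signatures inside them. The signature list and the minimal Mach-O built by `build_sample()` are constructed for this illustration; the `_payload_doc` / `_payload_doc_len` symbols quoted above are not needed for the check, since it inspects the segment contents directly.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O, little-endian on disk
LC_SEGMENT_64 = 0x19       # load command describing a 64-bit segment
CPU_TYPE_ARM64 = 0x0100000C
MH_EXECUTE = 2

# Well-known document magics to look for inside data segments.
# Assumption: these are standard file signatures, not values from the write-up.
DOC_SIGNATURES = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 compound file (legacy .doc/.xls)",
    b"PK\x03\x04": "ZIP container (possible OOXML .docx/.xlsm)",
    b"%PDF-": "PDF document",
}


def parse_segments(data):
    """Return [(segname, fileoff, filesize), ...] for every LC_SEGMENT_64."""
    if len(data) < 32:
        raise ValueError("buffer too short for a Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, _sizeofcmds, _flags, _res = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError(f"unsupported Mach-O magic {magic:#x} (only MH_MAGIC_64 handled)")
    offset = 32  # mach_header_64 is 32 bytes; load commands follow immediately
    segments = []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, offset)
        if cmd == LC_SEGMENT_64:
            segname = data[offset + 8:offset + 24].rstrip(b"\0").decode("ascii", "replace")
            _vmaddr, _vmsize, fileoff, filesize = struct.unpack_from("<4Q", data, offset + 24)
            segments.append((segname, fileoff, filesize))
        offset += cmdsize
    return segments


def find_embedded_documents(data):
    """Flag document signatures inside __DATA-style segments.

    Returns [(segname, absolute_file_offset, description), ...].
    """
    hits = []
    for segname, fileoff, filesize in parse_segments(data):
        if not segname.startswith("__DATA"):
            continue  # the quoted analysis places the payload in the data segment
        blob = data[fileoff:fileoff + filesize]
        for sig, desc in DOC_SIGNATURES.items():
            pos = blob.find(sig)
            if pos != -1:
                hits.append((segname, fileoff + pos, desc))
    return hits


def build_sample(data_payload):
    """Construct a minimal 64-bit Mach-O with a __TEXT and a __DATA segment (test input)."""
    ncmds, cmd_size = 2, 72  # segment_command_64 with nsects == 0 is 72 bytes
    header_len = 32 + ncmds * cmd_size
    text = b"\x90" * 16      # placeholder code bytes, not real instructions
    text_off = header_len
    data_off = text_off + len(text)
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                         ncmds, ncmds * cmd_size, 0, 0)

    def seg(name, off, size):
        # cmd, cmdsize, segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
        return struct.pack("<2I16s4Q2iII", LC_SEGMENT_64, cmd_size, name,
                           0, size, off, size, 7, 5, 0, 0)

    return (header
            + seg(b"__TEXT", text_off, len(text))
            + seg(b"__DATA", data_off, len(data_payload))
            + text + data_payload)


if __name__ == "__main__":
    # Constructed sample: an OLE2 header buried 8 bytes into the data segment.
    suspicious = build_sample(b"\x00" * 8 + b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"constructed filler")
    for segname, off, desc in find_embedded_documents(suspicious):
        print(f"{segname}: {desc} at file offset {off:#x}")
```

The scanner only handles single-architecture 64-bit images; a universal (fat) binary would need its slices split out first, and a match is a triage lead rather than a verdict, since a four-byte ZIP signature can occur by chance in legitimate data.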