The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document integrated with malicious macros.
Once the malicious file has been clicked, the macros download and install the main payload of the virus – the trojan program itself – from a hijacked server, which installs and runs on the victim's computer.
The Dridex trojan program then creates a keylogger on the infected machine and manipulates banking websites with the help of transparent redirects and web-injects.
This results in stealing victim's personal data like usernames and passwords, with an ultimate aim to break into bank accounts and siphon off cash.
Hacker replaces Trojan with Anti-virus
However, the recent Hack Surprises: Instead of distributing banking trojan, a portion of the Dridex botnet currently seems to be spreading legitimate copies of the free anti-virus software from Avira, as the company has announced itself.
"The content behind the malware download [link] has been replaced, it is now providing [a legitimate], up-to-date Avira web installer instead of the usual Dridex loader,"
Avira believes that the white hat hacker or hackers may have hacked into a portion of infected web servers using the same flaws the malware authors used and then replaced the malicious code with the Avira installer.
So, once infected, instead of receiving Dridex malware, the victims get a valid, signed copy of Avira antivirus software.
No comments:
Post a Comment