Tuesday, June 25, 2024

Dridex Malware Targeting macOS Platform Using New Entry Method

By using email attachments that resemble regular documents, a variant of Dridex (aka Bugat and Cridex), which is a banking malware is spreading to others through macOS.

Prior to now, the malware had been targeting Windows, but now it has been switched to attacking macOS instead, as reported by security researchers at Trend Micro.

Dridex Malware Targeting macOS

As one of the most common and dangerous information stealers, Dridex takes advantage of infected machines to access sensitive data, and not only that it also delivers and executes malicious programs. 

A cybercrime group called Evil Corp (aka Indrik Spider) is suspected of being responsible for this attack chain and this malware. As well as being a successor to Gameover Zeus, the malware is a new threat.

As Trend Micro has identified, the Dridex malware sample consists of an executable Mach-O file, which can be run on both macOS and iOS platforms. There are several file extensions they use in their files, including the following:-

  • .o
  • .dylib
  • .bundle

A malicious document is contained in the Mach-O file, and once it is opened by the user, the malicious document runs automatically. Afterward, Microsoft Word files in the macOS user directory are overwritten, and more files are downloaded from a remote server.

In addition, it includes an executable file (.exe) that runs the malware, Dridex. These executables cannot be run on macOS as it is not compatible with the OS. 

It is possible, however, that Mac users could unwittingly infect others with malicious software when their Word files are overwritten by malicious versions when sharing their files over the Internet.

On the compromised machine, the binary attempts to download the Dridex loader which then attempts to execute the infection. A social engineering attack is typically used to deliver documents containing booby-trapped macros.


Dridex malware is not currently a threat to Mac users, so Mac users should be safe for now since the payload is an exe file. But, there is a possibility that this virus may be modified in the future to run on macOS by attackers, so users should stay alert.

  • Attachments that are not clearly attributed to their origin should not be opened.
  • Identify the sender by checking the sender’s email address and name.
  • Use an anti-malware program that is robust.
  • With macOS, Apple has included some security tools that are built into the operating system, including Gatekeeper as well as XProtect antivirus software.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book


Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles