By using email attachments that resemble regular documents, a variant of Dridex (aka Bugat and Cridex), which is a banking malware is spreading to others through macOS.
Prior to now, the malware had been targeting Windows, but now it has been switched to attacking macOS instead, as reported by security researchers at Trend Micro.
As one of the most common and dangerous information stealers, Dridex takes advantage of infected machines to access sensitive data, and not only that it also delivers and executes malicious programs.
A cybercrime group called Evil Corp (aka Indrik Spider) is suspected of being responsible for this attack chain and this malware. As well as being a successor to Gameover Zeus, the malware is a new threat.
As Trend Micro has identified, the Dridex malware sample consists of an executable Mach-O file, which can be run on both macOS and iOS platforms. There are several file extensions they use in their files, including the following:-
A malicious document is contained in the Mach-O file, and once it is opened by the user, the malicious document runs automatically. Afterward, Microsoft Word files in the macOS user directory are overwritten, and more files are downloaded from a remote server.
In addition, it includes an executable file (.exe) that runs the malware, Dridex. These executables cannot be run on macOS as it is not compatible with the OS.
It is possible, however, that Mac users could unwittingly infect others with malicious software when their Word files are overwritten by malicious versions when sharing their files over the Internet.
On the compromised machine, the binary attempts to download the Dridex loader which then attempts to execute the infection. A social engineering attack is typically used to deliver documents containing booby-trapped macros.
Dridex malware is not currently a threat to Mac users, so Mac users should be safe for now since the payload is an exe file. But, there is a possibility that this virus may be modified in the future to run on macOS by attackers, so users should stay alert.
Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book
Researchers uncovered several significant vulnerabilities within Azure DevOps, specifically focusing on potential Server-Side Request Forgery…
Socket’s threat research team has identified a series of malicious npm packages specifically designed to…
Researchers have reported a series of sophisticated cyber attacks aimed at organizations in Chinese-speaking regions,…
Large-scale DDoS attack commands sent from an IoT botnet's C&C server targeting Japan and other…
Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in…
Security researchers have uncovered a severe vulnerability in OpenAI's ChatGPT API, allowing attackers to exploit…