Wednesday, May 28, 2025

First Malware Family: “Dridex” Banking Trojan Integrates the AtomBombing Technique


IBM Security has identified samples of version 4.0 of the infamous Dridex banking Trojan (Dridex v4), the first build to fully integrate the dangerous AtomBombing code-injection technique.

Dridex v4 is reported to be the only Trojan encountered so far to use AtomBombing. IBM X-Force said it is already in use in active campaigns against U.K. banks.

The necessary countermeasures should be taken before these attacks spread to the banking sector of other countries.


Dridex’s authors additionally made a noteworthy upgrade to the malware’s configuration encryption.

This update includes a modified naming algorithm, a robust yet easy-to-spot persistence mechanism and a few additional improvements.

Earlier version is two years old

Dridex v1 was launched in late 2014. Development of the current version’s binary code and configuration files took two years to embed the critical AtomBombing technique.

According to researchers, the Trojan’s source code received so many updates that it went from a banking Trojan that relied on webinjects to one using redirection attacks, two entirely different methods.

Dridex v2 was as short-lived as v1, and only survived until April 2015, when it was replaced by Dridex v3.

According to the X-Force report released on Dridex v4,

“Over the long reign of Dridex v3, we have seen some significant changes implemented into the malware’s operations, such as modified anti-research techniques, redirection attacks and fraudulent M.O. changes. It is not surprising to see a new major version released from this gang’s developers,”

A major version that seems very hard to detect

IBM X-Force said Dridex’s code is based on that of the Bugat Trojan, which was first discovered in early 2010. Bugat has since evolved into a number of different variations, including Cridex and Feodo. The Dridex form first appeared in 2014.

According to IBM, Dridex’s build numbers are found inside its configuration and in the binary’s code.

Figure: Dridex’s code version hard-coded into the binary

What makes Dridex v4 different from other AtomBombing attacks is that the attackers only use “the technique for writing the payload, then used a different method to achieve execution permissions, and for the execution itself,” according to the co-authors of the X-Force report, Magal Baz and Or Safran.

According to IBM researchers, for Dridex v4 the malware’s makers kept most of the developments from late v3 builds, relying on redirection attacks to intercept user activity and divert victims to a clone of the genuine banking portal through a locally installed proxy server.

hVNC comes into play later on, but only if the attackers come across victims with valuable information and require RAT-like access to infected hosts.

Dridex switches to novel AtomBombing technique

This new and somewhat ground-breaking code-injection technique is called AtomBombing. In a very basic explanation, the technique relies on storing malicious pieces of code inside atom tables.

Atom tables are specific to the Windows OS and allow applications to store the name of a string and an associated value.

Atom tables act as caches for commonly used strings, and entries can be accessed by all applications, not only the ones that created the data.

Dridex v4 has dropped the process-injection mechanism that relied on a few closely monitored Windows API calls. According to IBM, Dridex v4 now uses a technique discovered by enSilo researchers in late October 2016.

enSilo researchers found that attackers could store malicious code in these atom tables and then invoke it without using the usual Windows API calls.
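Because the technique described above writes the payload into a table that every process on the host can read, a defender can look for the staging step rather than for the well-known injection API calls the malware avoids. The following is an added example (not code from IBM X-Force, enSilo or this article) of a simple heuristic over atom-table write telemetry: it assumes an EDR or ETW-style feed that records one event per write into the global atom table, and the sample events, process names, pids and thresholds below are all constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed telemetry, not output of any real EDR or ETW provider.
# One record per write into the global atom table: (pid, image, atom_string).
# The three benign rows mimic ordinary named atoms; the last eight rows mimic
# one process pushing opaque, machine-code-like chunks into the shared table.
SAMPLE_EVENTS = [
    (1040, "explorer.exe", "TaskbarCreated"),
    (1040, "explorer.exe", "ShellFolderWatch"),
    (2312, "winword.exe", "Word.Document.8"),
] + [
    (3380, "stager.exe",
     bytes(0x80 + (i * 7 + j * 13) % 128 for j in range(32)).decode("latin-1"))
    for i in range(8)
]

# Heuristic thresholds (assumptions for this example; tune against your own data).
MIN_ATOMS = 5          # benign processes rarely register this many atoms in a burst
MAX_PRINTABLE = 0.6    # real atom names are readable strings, payload bytes are not


def printable_ratio(s):
    """Fraction of characters in the printable ASCII range 0x20..0x7E."""
    if not s:
        return 0.0
    return sum(0x20 <= ord(c) <= 0x7E for c in s) / len(s)


def shannon_entropy(s):
    """Bits of entropy per character; opaque binary chunks score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for c in s:
        counts[c] += 1
    n = len(s)
    return -sum((k / n) * math.log2(k / n) for k in counts.values())


def score_processes(events):
    """Aggregate atom-table writes per pid into a small feature dictionary."""
    per_pid = defaultdict(list)
    for pid, image, atom in events:
        per_pid[(pid, image)].append(atom)
    scores = {}
    for (pid, image), atoms in per_pid.items():
        scores[pid] = {
            "image": image,
            "atoms": len(atoms),
            "bytes": sum(len(a) for a in atoms),
            "mean_printable": sum(map(printable_ratio, atoms)) / len(atoms),
            "mean_entropy": sum(map(shannon_entropy, atoms)) / len(atoms),
        }
    return scores


def flag_processes(events, min_atoms=MIN_ATOMS, max_printable=MAX_PRINTABLE):
    """Return pids whose atom-table writes look like payload staging:
    many atoms in a burst whose contents are mostly non-printable bytes."""
    return sorted(
        pid for pid, s in score_processes(events).items()
        if s["atoms"] >= min_atoms and s["mean_printable"] < max_printable
    )


if __name__ == "__main__":
    for pid, s in score_processes(SAMPLE_EVENTS).items():
        print(pid, s["image"], s["atoms"], s["bytes"],
              f"printable={s['mean_printable']:.2f}",
              f"entropy={s['mean_entropy']:.2f}")
    print("flagged:", flag_processes(SAMPLE_EVENTS))
```

The point of the heuristic is the combination of volume and content: a single opaque string is noise, while a burst of them from one process is the shape a staged payload takes when it is split across table entries. The entropy feature is reported but not used in the rule here, so an analyst can decide whether it helps separate legitimate high-entropy atoms (for example, serialized or hashed names) from staging on their own data.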

For more technical details, see the securityintelligence report.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
