First Malware Family ” Dridex ” Banking Trojan integrate with Atom-Bombing Technique


IBM Security discovered samples of version 4.0 of the infamous Dridex banking Trojan (Dridex v4), the first Dridex version to fully integrate the dangerous AtomBombing code-injection technique.

Dridex v4 is reported to be the only Trojan IBM has encountered that uses AtomBombing. IBM X-Force said it is already in use in active campaigns against U.K. banks.

The necessary steps should be taken before the campaign spreads to the banking sectors of other countries.


Dridex’s authors also made a noteworthy upgrade to the malware’s configuration encryption.

This update includes a modified naming algorithm, a robust yet easy-to-spot persistence mechanism and a couple of additional improvements.

Earlier version is 2 years old

Dridex v1 launched in late 2014. The current version’s binary code and configuration files took two years of development to embed the critical AtomBombing technique.

According to researchers, the Trojan’s source code received so many updates that it went from a banking Trojan that relied on webinjects to one that uses redirection attacks, two entirely different methods.

Dridex v2 was as short-lived as v1, and only survived until April 2015, when it was replaced by Dridex v3.

According to the X-Force report released on Dridex v4:

“Over the long reign of Dridex v3, we have seen some significant changes implemented into the malware’s operations, such as modified anti-research techniques, redirection attacks and fraudulent M.O. changes. It is not surprising to see a new major version released from this gang’s developers,”

A major version seems very hard to detect

IBM X-Force said Dridex’s code is based on that of the Bugat Trojan, which was first discovered in early 2010. Bugat has since evolved into a number of different variations, including Cridex and Feodo. The Dridex form first appeared in 2014.

According to IBM, Dridex’s build numbers are found inside its configuration and in the binary’s code.

Figure: Dridex’s code version hard-coded into the binary

What makes Dridex v4 different from other AtomBombing attacks is that attackers only use “the technique for writing the payload, then used a different method to achieve execution permissions, and for the execution itself,” according to co-authors of the X-Force report Magal Baz and Or Safran.

According to IBM researchers, for Dridex v4 the malware’s makers kept most of the same advancements from late v3 builds, relying on redirection attacks to intercept user activity and divert victims to a clone of the genuine banking portal using a locally installed proxy server.

hVNC comes into play later on, but only if the attackers come across victims with valuable information and require RAT-like access to infected hosts.

Dridex switches to novel AtomBombing technique

This new and somewhat groundbreaking code-injection method is called AtomBombing. In very basic terms, the technique relies on storing malicious pieces of code inside atom tables.

Atom tables are specific to the Windows OS and allow applications to store a string and an associated value.

Atom tables act as caches for commonly used strings, and entries can be accessed by all applications, not only the one that created the data.

Dridex v4 has dropped its earlier process-injection mechanism, which relied on a few heavily monitored Windows API calls. According to IBM, Dridex v4 now uses a technique found by enSilo researchers in late October 2016.

enSilo researchers found that attackers could store malicious code in these atom tables and then invoke it without using the usual Windows API calls.
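As an added detection example, not code from this article or from the IBM or enSilo reports: enSilo’s published description of the AtomBombing write step is a GlobalAddAtomW call in the attacker process followed by NtQueueApcThread queuing GlobalGetAtomNameW as an APC in the target process, which copies the atom string into that process’s memory. The heuristic below flags that cross-process pattern in an assumed, constructed API-trace format; the trace layout and field names are assumptions, not real telemetry.

```python
import re
from collections import defaultdict

# Constructed API-trace lines (not real telemetry): calling pid, API name, key arguments.
# pid 4012 shows the AtomBombing write primitive; 5120 and 6001 are benign look-alikes.
TRACE = """\
pid=4012 api=GlobalAddAtomW name_len=255
pid=4012 api=GlobalAddAtomW name_len=255
pid=4012 api=OpenProcess target_pid=2760
pid=4012 api=NtQueueApcThread target_pid=2760 apc_routine=GlobalGetAtomNameW
pid=4012 api=NtQueueApcThread target_pid=2760 apc_routine=GlobalGetAtomNameW
pid=5120 api=GlobalAddAtomW name_len=12
pid=5120 api=GlobalGetAtomNameW
pid=6001 api=NtQueueApcThread target_pid=6001 apc_routine=GlobalGetAtomNameW
"""

LINE_RE = re.compile(r"pid=(\d+) api=(\w+)(.*)")
ARG_RE = re.compile(r"(\w+)=(\S+)")

def parse(trace):
    """Yield (pid, api, args) tuples from the assumed trace format."""
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), dict(ARG_RE.findall(m.group(3)))

def detect_atombombing(trace):
    """Return {source_pid: {target_pid: apc_count}} for processes that wrote to
    the global atom table and then queued GlobalGetAtomNameW as an APC into a
    different process (the atom-table write primitive enSilo described)."""
    atoms_added = defaultdict(int)
    alerts = defaultdict(lambda: defaultdict(int))
    for pid, api, args in parse(trace):
        if api == "GlobalAddAtomW":
            atoms_added[pid] += 1
        elif api == "NtQueueApcThread":
            target = int(args.get("target_pid", pid))
            # Same-process APCs and APCs not preceded by atom writes are ignored:
            # legitimate use of the atom table stays within the calling process.
            if (target != pid
                    and args.get("apc_routine") == "GlobalGetAtomNameW"
                    and atoms_added[pid] > 0):
                alerts[pid][target] += 1
    return {src: dict(tgts) for src, tgts in alerts.items()}

if __name__ == "__main__":
    print(detect_atombombing(TRACE))  # {4012: {2760: 2}}
```

Because the heuristic keys on a cross-process APC rather than on the atom APIs themselves, ordinary programs that add and read their own atoms do not trigger it.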

For more technical details: securityintelligence

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.