$4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware
2021-03-17 17:04

According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans' interest in the forthcoming $1,400 relief payments and other aid.

In reality, the emails deliver the Dridex banking trojan.

"While static analysis easily identifies the URLs used to download malware in this case, automated behavioral analysis may have trouble recognizing the activity as malicious because it does not use macros to directly download malware or run a PowerShell script," Cofense researchers explained, in a posting on Tuesday.

Since its first appearance in 2011, the Dridex malware has been deployed via phishing emails and generally targets banking information.

By 2015, the malware was one of the most prevalent financial trojans in the wild, particularly when it came to targeting corporate employees, while later versions of the malware were designed with the added function of assisting in the installation of ransomware.

U.S. authorities are still offering up to $5 million for information leading to the arrest of Yakubets; they allege that he and Evil Corp. have stolen millions of dollars from victims using the Dridex banking trojan and Zeus malware.


News URL

https://threatpost.com/covid-19-relief-checks-dridex-malware/164853/