Dridex Malware Now Attacking macOS Systems with Novel Infection Method
2023-01-06 13:46

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to the latest research.

Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload. A law enforcement operation orchestrated by Europe and the U.S. disrupted the botnet in October 2015, and a Moldovan national named Andrey Ghinkul was arrested for his role as an administrator of the operation.

Trend Micro's analysis of the Dridex samples involves a Mach-O executable file, the earliest of which was submitted to VirusTotal in April 2019.

"While the macro feature in Microsoft Word is disabled by default, the malware will overwrite all the document files for the current user, including the clean files," Pedragoza explained.

The macros included in the overwritten document are engineered to contact a remote server to retrieve additional files, which include a Windows executable file that will not run in macOS, indicating that the attack chain might be a work in progress.

"Currently, the impact on macOS users for this Dridex variant is minimized since the payload is an .EXE file," Trend Micro said.


News URL

https://thehackernews.com/2023/01/dridex-malware-now-attacking-macos.html