DRIDEX, a multifaceted Trojan horse!
First appearing in 2011 in several EU countries and also spreading to the United States, the Dridex Trojan first made headlines in France in 2015 through several large-scale phishing campaigns targeting French organizations.
Specializing in banking theft, Dridex primarily targets Windows users. The infection path is predictable: the malware once again hides inside a Word or Excel file (often disguised as an invoice) attached to an email crafted to look like one sent by an official organization. Once opened, the malicious file prompts the user to enable macros. If the user accepts, the banking Trojan slips into the system… completely unnoticed.
As Olivier Bogaert, a detective with Belgium’s Computer Crime Unit, explains: “Nothing unusual is visible, but the virus will begin to operate and start downloading other malware. This will allow the hacker to access personal information or banking data.” He adds that “Dridex is a Trojan horse that has made a comeback in recent months.” (source: Belgian Federal Police)
Also known as “Bugat” and “Cridex,” the Dridex Trojan is clearly a form of malware that has adapted and evolved over time. Over the past 10 years, it has undergone several iterations, delivered in the form of:
- Content hosted on compromised web servers or legitimate file-sharing sites;
- VBScript or Visual Basic macros hidden in Microsoft Office documents;
- Links to a web server that will execute JavaScript code to retrieve the binaries.
Social engineering is also a technique used by scammers to trick users into opening the email attachment “without suspicion.”
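Because the macro-bearing document is the usual entry point, a simple defensive check is to look inside Office attachments rather than trusting their extension. The following PowerShell script is an added example, not part of the original article or of any Dridex analysis: modern Office files (.docx, .docm, .xlsx, .xlsm) are ZIP containers, and a document that carries VBA macros contains a part named `vbaProject.bin`. The script builds two constructed sample files on the fly (placeholder contents, not real documents) and reports which one carries a macro project; the `Test-OfficeMacro` and `New-SampleDoc` function names and the temporary folder are the example's own choices.

```powershell
# Added example (not from the original article): flag Office attachments that
# carry a VBA project by inspecting the ZIP container, not the file extension.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-OfficeMacro {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    } catch {
        # Not a ZIP container at all (legacy .doc/.xls or something else entirely)
        return [pscustomobject]@{ File = $Path; IsOffice = $false; HasMacro = $false }
    }
    try {
        $names = $zip.Entries | ForEach-Object { $_.FullName }
        # Every OOXML package carries a [Content_Types].xml part
        $isOffice = $names -contains '[Content_Types].xml'
        # Macro-enabled documents carry word/vbaProject.bin, xl/vbaProject.bin, ...
        $hasMacro = @($names | Where-Object { $_ -match '(^|/)vbaProject\.bin$' }).Count -gt 0
        [pscustomobject]@{ File = $Path; IsOffice = $isOffice; HasMacro = $hasMacro }
    } finally {
        $zip.Dispose()
    }
}

# --- constructed samples: two minimal OOXML-style containers built on the fly ---
function New-SampleDoc {
    param([string]$Path, [bool]$WithMacro)
    if (Test-Path $Path) { Remove-Item $Path }
    $zip = [System.IO.Compression.ZipFile]::Open($Path, 'Create')
    try {
        foreach ($name in @('[Content_Types].xml', 'word/document.xml')) {
            $w = New-Object System.IO.StreamWriter($zip.CreateEntry($name).Open())
            $w.Write('<placeholder/>'); $w.Dispose()
        }
        if ($WithMacro) {
            # A real vbaProject.bin is an OLE compound file; a placeholder suffices here
            $w = New-Object System.IO.StreamWriter($zip.CreateEntry('word/vbaProject.bin').Open())
            $w.Write('placeholder'); $w.Dispose()
        }
    } finally { $zip.Dispose() }
}

$tmp = Join-Path $env:TEMP 'office-macro-check'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
New-SampleDoc -Path (Join-Path $tmp 'invoice.docx') -WithMacro $false
New-SampleDoc -Path (Join-Path $tmp 'facture.docx') -WithMacro $true   # macro hidden behind a .docx name

Get-ChildItem $tmp -File | ForEach-Object { Test-OfficeMacro -Path $_.FullName } | Format-Table -AutoSize
```

The second sample is deliberately named `.docx` even though it carries a macro project: Word decides how to treat a file by its contents, so a mail filter that keys only on `.docm` would miss it. Legacy binary formats (.doc, .xls) are not ZIP containers and need a different check (for example, an OLE parser), which this example does not cover.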
A banking Trojan—but not just that…
This malware runs unseen and is also designed to record keystrokes in order to steal users' usernames and passwords and to collect other sensitive information.
How can you protect yourself from Dridex?
- Keep your antivirus software up to date!
- Be extra careful: don’t open suspicious emails—and definitely don’t open any attachments!
- If you know who sent the email but it was unexpected or seems suspicious, contact the sender by phone.
- Disable the automatic macro execution feature in Office.
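The last recommendation is a configuration change that can be verified and enforced rather than left to each user. The script below is an added example, not from the original article: it reads the per-user Office macro setting (`VBAWarnings`) for Word, Excel and PowerPoint, explains what each value means, and with `-Harden` sets the strictest level and blocks macros in files marked as downloaded from the Internet. It assumes Office 2016/2019/Microsoft 365, whose registry version key is `16.0`; adjust `$OfficeVersion` for other releases.

```powershell
# Added example (not from the original article): audit and optionally harden
# Office macro settings for the current user.
# VBAWarnings: 1 = enable all (weak), 2 = disable with notification (default,
# the user can still click "Enable Content"), 3 = disable except digitally
# signed, 4 = disable all without notification (hardened).
# blockcontentexecutionfrominternet: 1 = block macros in files carrying the
# Mark of the Web (downloaded or received as an email attachment).
param(
    [string]$OfficeVersion = '16.0',          # assumption: Office 2016+ registry key
    [string[]]$Apps = @('Word', 'Excel', 'PowerPoint'),
    [switch]$Harden
)

$Meaning = @{
    1 = 'Enable all macros (weak)'
    2 = 'Disable all macros with notification (user can still enable)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification (hardened)'
}

foreach ($app in $Apps) {
    # Per-user setting. A Group Policy deployment would write the same values under
    # HKCU:\Software\Policies\Microsoft\Office\<version>\<app>\Security instead.
    $key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
    if (-not (Test-Path $key)) {
        Write-Output "$app : key $key not found (application not installed or never started)"
        continue
    }
    $props   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $current = $props.VBAWarnings
    $mark    = $props.blockcontentexecutionfrominternet
    if ($null -eq $current) { $current = 2 }   # Office default when the value is absent
    $desc = $Meaning[[int]$current]
    if (-not $desc) { $desc = "unknown value $current" }
    Write-Output ("{0,-10} VBAWarnings={1} ({2}); blockcontentexecutionfrominternet={3}" -f `
        $app, $current, $desc, $mark)

    if ($Harden) {
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
        Write-Output "  -> hardened: macros disabled without notification, Internet-sourced macros blocked"
    }
}
```

Run it without arguments to audit, and with `-Harden` to apply the strict setting; the per-user key is overridden by the Policies key when one exists, so in a managed environment the same two values belong in Group Policy rather than in a login script.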
Do you hold a position related to risk management in your organization? Launch a cybersecurity awareness campaign.