Dridex Gone Phishing

In January 2016, we discovered a new modus operandi launched by Evil Corp, the organization that owned and operated the Dridex banking Trojan. A new build was released into the wild via the Andromeda botnet platform, mainly targeting users in the UK. We studied the attacks linked to the new Dridex infection campaigns and learned that the malware's operators had invested considerably in a new attack methodology. Instead of its original web injections, Dridex began performing redirection attacks, sending the victim to an entirely fake site that mimics the user's real banking site while presenting the authentic certificate.

Dridex operators have used this malware in extremely high-value fraudulent web transfers. The campaign was an impressive display of cybercrime: the fraudsters outfitted the Trojan's code with elaborate redirection capabilities and built a web server hosting fraudulent versions of a large number of banks' sites. In this talk, which includes a live demo, we will give participants detailed insight into Dridex's enigma.

Magal Baz
Malware researcher for IBM Security's Trusteer.
Gal Meiri