Dridex Gone Phishing
2023-04-28 | 14:35 – 15:15
In January 2016, we discovered a new modus operandi launched by Evil Corp, the organization that owned and operated Dridex banking Trojan. A new build was released to the wild, using Andromeda botnet platform, mainly targeting users in the UK. We studied the attacks linked with the new Dridex infection campaigns and learned that the malware’s operators have made considerable investments in a new attack methodology. Dridex started to perform redirection attacks instead of the original web-injections, sending the victim to an entirely fake site mimicking the original site of the user’s bank, while presenting the authentic certificate.