Back With A Vengeance: Latest Dridex Banking Trojan Evades Detection
By: Jim Stickley and Tina Davis
October 14, 2019
As with so many viruses lately, the latest version of the Dridex banking Trojan is back and “better” than ever. Even more disturbing, this latest variant has been escaping detection by many anti-virus tools. The banking Trojan is infamous for stealing financial account credentials through email phishing and is believed to be backed by Russian actors. Researchers recently found that the new Dridex has so far escaped discovery by 41 of 60 anti-virus software products. Experts agree the Trojan now focuses much of its latest capability on avoiding detection, which is not great news for financial institutions, their employees, and users who do their banking online.
First discovered in 2011, Dridex has been continually upgraded into more powerful and effective versions. Like many types of malware, its creators have been actively evolving and improving the software’s capabilities and attack vectors over time. Dridex invades systems by infecting files that use macros, like those commonly found in Microsoft Word and Excel documents. Since these files are often sent as email attachments, they easily infect networks and quickly spread throughout entire systems. Because the malicious code is carried in macros, anti-virus software has a difficult time recognizing Dridex before it reaches its target.
Since Dridex enters systems through phishing emails, keeping your anti-phishing Spidey-sense on high alert is most important. Always approach emails with caution, even when they appear to be from a trusted source. It’s no secret that email senders you trust can be impersonated, allowing attackers to use their email address to trick recipients into lowering their guard. In particular, when emails contain links or attachments, especially from senders you don’t know, don’t click or open them. Since malware is infamous for hiding almost anywhere, those emails are best deleted. Keep system software updated at all times, as updates often include fixes for security bugs that can leave you vulnerable to viruses and other attacks. Being aware is always a great tool and often the first line of defense for keeping safe online.
There are ways to help prevent malware like Dridex from succeeding. The first step is to disable macros in Microsoft Office programs. Once disabled, macros can’t run automatically unless you explicitly give them permission...and you almost always shouldn’t do that.
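The macro-disabling step above is usually applied through Group Policy. The following PowerShell script is an added example, not code from the article or its authors: it writes the same policy registry values that the Office administrative templates set, for the current user, and then reads them back for verification. It assumes Office 2016 / Microsoft 365 (the `16.0` version key) and the three applications listed; the `$officeVersion` and `$apps` variables are this example's own names.

```powershell
# Added example (not from the article): enforce Office macro policy for the
# current user via the same registry values Group Policy would set.
# Assumption: Office 2016 / Microsoft 365 uses the "16.0" version key.
$officeVersion = '16.0'
$apps = @('Word', 'Excel', 'PowerPoint')

foreach ($app in $apps) {
    $path = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }

    # VBAWarnings controls the "Macro Settings" policy:
    #   1 = enable all macros (never use)
    #   2 = disable with notification (the usual default)
    #   3 = disable all except digitally signed macros
    #   4 = disable all macros without notification
    Set-ItemProperty -Path $path -Name 'VBAWarnings' -Value 4 -Type DWord

    # Block macros in files that carry the Mark of the Web, i.e. anything
    # downloaded from the Internet or saved from an email attachment.
    Set-ItemProperty -Path $path -Name 'BlockContentExecutionFromInternet' -Value 1 -Type DWord
}

# Verification: show the effective values for each application.
foreach ($app in $apps) {
    $path = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    Get-ItemProperty -Path $path |
        Select-Object @{ Name = 'App'; Expression = { $app } },
                      VBAWarnings,
                      BlockContentExecutionFromInternet
}
```

A value of `4` blocks every macro, including signed ones; environments that depend on trusted, signed macros typically use `3` together with `BlockContentExecutionFromInternet = 1`, which still stops the email-attachment delivery path described above. Keys under `HKCU\Software\Policies` are the ones domain Group Policy manages, so on a domain-joined machine a conflicting domain policy will overwrite what this script sets; deploy the setting centrally there rather than per user.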
For emails appearing to be from financial institutions, no matter what the subject line may say, type the URL of the legitimate banking website yourself or use a trusted bookmark you have used in the past. Log in to your account to check whether any request for information such as passwords or account numbers is genuine. Always use two-factor authentication (2FA) whenever it is available as an added layer of safety when logging in, especially for financial websites of any type.