ClickCease Dridex malware target Mac users

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Dridex malware targets Mac users

Obanla Opeyemi

January 16, 2023 - TuxCare expert team

Dridex, a Windows-focused banking trojan that has since expanded its capabilities to include information theft and botnet capabilities, is now targeting Macs via email attachments that appear to be regular documents.

According to Check Point Research’s 2022 Cyber Security Report, the malware, which was the fourth most prevalent malware variant in 2021, is primarily distributed through phishing and malspam campaigns. It is an information stealer malware that is linked to the cybercriminal group Evil Corp and is used to steal sensitive data from infected machines. Trend Micro, a cybersecurity software company, examined the malware and discovered that it can run on both macOS and iOS systems.

The MacOS version of the Dridex malware includes a malicious document that runs automatically when the user opens it. When it starts, it overwrites all Microsoft Word files on the infected macOS computer and connects to a remote server to download more files. One of those files is a Windows executable that Dridex can run. These executables are incompatible with macOS. However, if a user’s Word files are overwritten with malicious versions, Mac users may unknowingly infect others when sharing the files online.

The Mach-O executable is programmed to search for and replace all “.doc” files in the current user directory (/User/user name) with malicious macro code copied from the embedded document in the form of a hexadecimal dump.

Because Mac users are not always aware that their files are corrupted, Dridex specifically targets Word documents. Because people frequently share Word documents, Mac users may unknowingly share their overridden, malicious files with others, infecting those devices and causing a malware domino effect.

Since the malware is contained within an executable Windows file, it cannot infect targeted Macs. However, if a user downloads the corrupted file, it may cause malicious files to be overwritten on a Mac. When shared online, it has the potential to inadvertently infect family, friends, and coworkers with malware.

The sources for this piece include an article in TheHackerNews.

Summary
Dridex malware targets Mac users
Article Name
Dridex malware targets Mac users
Description
Dridex, a Windows-focused banking trojan is now targeting Macs via email attachments that appear to be regular documents.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023