fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Dridex Malware Trolls Employees with Fake Job Termination Emails

Dridex Malware Trolls Employees with Fake Job Termination Emails

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season’s greeting message.

Dridex is a banking malware spread through malicious emails that was initially developed to steal online banking credentials. Over time, the developers evolved the malware to use different modules that provide additional malicious behavior, such as installing other malware payloads, providing remote access to threat actors, or spreading to other devices on the network.

This malware was created by a hacking group known as Evil Corp, which is behind various ransomware operations, such as BitPaymer, DoppelPaymer, WastedLocker variants, and Grief. Due to this, Dridex infections are known to lead to ransomware attacks on compromised networks.

Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements

Dridex affiliate trolls researchers, victims

A Dridex affiliate has been conducting numerous malicious email campaigns over the past few weeks where they troll researchers with email addresses and filenames composed of racist and antisemitic words.

A security researcher known as TheAnalyst discovered that Dridex is again trolling people, but this time it’s the victims who are being sent fake employee termination emails.

These emails use the subject of “Employee Termination” and tell the recipient that their employment is ending on December 24th, 2021, and that “this decision is not reversible.”

The emails include an attached Excel password-protected spreadsheet named ‘TermLetter.xls’ that allegedly contains information on why they are being fired and the password required to open the document.

Dridex Employee Termination phishing email
Dridex Employee Termination phishing email

When the recipient opens the Excel spreadsheet and enters the password, a blurred “Personnel Action Form” will be displayed, saying they must “Enable Content” to view it properly.

Also Read: PDPA Compliance for HR Managers in Singapore: A Must

Malicious Excel attachment
Malicious Excel attachment

When the victim Enables Content, a popup will be displayed trolling the victim with an alert stating, “Merry X-Mas Dear Employees!”

Dridex distributor trolling victims

However, unbeknownst to the victim, malicious macros have been executed that create and launch a malicious HTA file saved to the C:\ProgramData folder.

This random-named HTA file pretends to be an RTF file but contains malicious VBScript that downloads Dridex from Discord to infect the device, all while wishing the victim a Merry Christmas.

Malicious HTA file disguised as an RTF file

Malicious HTA file disguised as an RTF file

As a little extra “joke,” the TheAnalyst told BleepingComputer that the Dridex file downloaded from Discord is named ‘jesusismyfriend.bin.’

Once Dridex is launched, it will begin installing additional malware, stealing credentials, and performing other malicious behavior.

Therefore, if you receive an email stating you are fired right before Christmas, be sure to reach out to your human resources department or employer before opening the email.

As Dridex infections commonly lead to ransomware attacks, Windows admins need to stay on top of the latest malware distribution methods and train employees on how to spot them as well.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us