DRIDEX: Old Trojan Makes Good Stock

Dridex, also called Bugax or Cridex for the nostalgic, is a trojan developed to create an opening in Windows machines through the use of Micosoft Word files . It falls into the category of "Banking Trojan", software designed exclusively to have a way of accessing the system and be able to extort banking credentials.

Malware and Trojans: let's be clear

Before discovering how the Dridex Trojan works, it is useful to clarify the main terms we will deal with. Malware is malicious software , that is, designed and developed with the sole intent of disturbing or creating problems for an operating system. There are different types, each with its own attack logic. For example, many have recently heard about the cyber attack on the Lazio region . The software used is nothing more than a type of malware.

A trojan, or even "trojan horse" is a malware developed to exploit vulnerabilities within the operating system and be able to create a backdoor , that is a service door where data can transit without the operating system noticing. As you can understand from the Italian translation, a Trojan uses the same stratagem devised by Ulysses to besiege Troy, that is to make our objective believe that what we are proposing is not a siege tool but a gift.

DRIDEX: how does this trojan work?

The Dridex Trojan relies on macros, ie a set of Microsoft Word instructions. In this way, the target system will simply see a word file and when it opens it, it will start the aforementioned set of instructions to download our dear trojan in the background.

The dridex Trojan exploits Microsoft Word macros.
The dridex Trojan exploits Microsoft Word macros.

Once the backdoor is opened, a keylogger will be downloaded , a malware that will save every key pressed on the keyboard to a text file. This will allow the attacker or an Artificial Intelligence system to understand when we are entering login credentials on certain sites, such as the login pages of well-known credit institutions. It is easy to understand how they will be used once they are obtained.

Is it so easy to get infected? How can you protect yourself from these attacks?

Antiviruses based on Signature-based threat detection are unable to detect them , as this threat is constantly evolving by constantly changing signatures that do not allow rapid and rapid detection. A non-trivial way is to use tools, software of specific use, which implement machine learning algorithms to control the network traffic of the machine, quickly identifying if the data traffic is not normalized to the user's activity.

As you can see, the technical solutions to this type of attack are mild and require in-depth knowledge of the issue. Most of the effective countermeasures instead reside in the correct behavior (the so-called best practices ) of the user himself. To better understand the concept, here's how a “classic” attack works using this type of malware.

Let's imagine we are at home, sitting on the sofa, wandering around the immense sea of ​​the internet. It's November, Black Friday month , so we get tons of advertising emails from different companies guaranteeing insane discounts if we subscribe to the newsletter. We receive an email from our trusted store, in which it is written that if we fill in a file and send it back, we will receive an additional discount on a product that we have been looking at for some time . Blinded by this bait and switch we download the file and we are screwed. The moment we open the file, the chain of instructions stored in the file will start.

The best way to protect yourself from a Trojan like Dridex is to apply cyber security best practices.
The best way to protect yourself from a Trojan like Dridex is to apply cyber security best practices.

So as you may have guessed, the best defense we can have is knowing the type of attack. Be wary of emails that promise discounts, reductions or any kind of gift by filling out forms or forms on unsafe websites. Rely on domains that guarantee you a good degree of email security, use up-to-date antivirus that scan your email address for threats to make sure that what you are about to open is not infected. Also set up and use 2FA , or two-factor authentication, which will make the attack very difficult and arduous.

In conclusion, we must not be frightened by these attacks. With small tricks we will be able to surf safely in the great sea of ​​the internet, without incurring a pirate attack, keeping our finances safe. As my mother used to say as a child: do not accept candy from strangers!

Curated by Jacopo Iezzi

The DRIDEX article : Old Trojan Makes Good Stock comes from Tech CuE | Close-up Engineering .