Dridex attackers aim for holiday season and spray fake Amazon gift cards

Evil Corp, the group that distributes Dridex, is currently luring victims with free $100 gift cards; the bank credentials and other confidential data the Trojan steals are sold on the dark web.

The operators of the Dridex malware have rolled up their sleeves for the year-end holiday season and the New Year holidays. They are running a large-scale phishing campaign that offers a free $100 Amazon gift card; anyone tricked by it downloads the banking Trojan instead of a gift card.

The bogus gift voucher campaign first launched around Halloween, explains the security firm Cybereason.

Analysis shows that the targets were primarily users in the US and Europe. Amazon is popular in these regions, so an Amazon theme was presumably chosen because it makes buyers there easier to deceive. Because of the coronavirus pandemic, Amazon's business in these two regions has expanded dramatically.

Victims are said to receive emails claiming to come from Amazon, announcing a $100 gift card as a gesture of gratitude to customers who have contributed to Amazon's success. The email contains a link to load the gift voucher, but pressing it downloads Dridex in one of three ways. The techniques are as follows.

1) Distribution as a Word document containing a malicious macro. The document file circulates under several names, all of which include gift card keywords. A notice tells the user that content must be enabled in order to use the gift certificate; if the user allows it, the malicious macro is launched. The macro is written as obfuscated VB script.

2) Distribution using a screensaver file. This technique is commonly used to bypass email security systems that filter out malicious emails based on file extension. Attackers use files of this kind, like compressed archives, to smuggle in separate malicious components.

Assaf Dahan, Cybereason's chief threat analyst, states that these files are in effect self-extracting compressed archives. The attackers did not lose sight of the capabilities of these long-existing screensaver files and put them to good use in their attacks, he adds. These files also contain VB scripts.

3) Inserting a malicious link into the body of the email, so that the VB script in question is downloaded directly by a tool. The downloaded file is said to be around 2MB in size at present. This seems simplistic, but it has a remarkably high success rate, and it is a tactic other attackers use as well. “The reason for using these three strategies is the confidence that even if one fails and gets stuck, another can succeed.”
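As an added illustration that is not part of the original article or Cybereason's research, the following Python triage function flags a message that shows the lure characteristics described in the three techniques above: Amazon-themed gift-card wording from a non-Amazon sender, a macro-capable Word attachment named with a gift-card keyword, a screensaver attachment, or a link to a non-Amazon host. The allow-list of Amazon domains and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass
# Assumption: the organisation's allow-list of genuine Amazon sender and link domains.
AMAZON_DOMAINS = {"amazon.com", "amazon.co.uk", "amazon.de"}
MACRO_DOC_EXTS = {".doc", ".docm", ".dot", ".dotm"}   # Word formats that can carry VBA macros
SCREENSAVER_EXTS = {".scr"}                            # Windows screensaver files are executables
LURE_WORDS = ("gift card", "gift certificate", "gift voucher")

@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: list

def is_amazon(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in AMAZON_DOMAINS)

def triage(mail):
    """Return the indicators matched; an empty list means nothing matched."""
    hits = []
    text = f"{mail.subject} {mail.body}".lower()
    claims_amazon = "amazon" in text
    if claims_amazon and not is_amazon(mail.sender.rsplit("@", 1)[-1]):
        hits.append("mentions Amazon but sender domain is not an Amazon domain")
    if any(word in text for word in LURE_WORDS):
        hits.append("gift-card lure wording")
    for name in mail.attachments:
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in SCREENSAVER_EXTS:
            hits.append(f"screensaver executable attachment: {name}")
        elif ext in MACRO_DOC_EXTS and "gift" in name.lower():
            hits.append(f"macro-capable document with gift-card name: {name}")
    for host in re.findall(r'https?://([^/\s>"]+)', mail.body, flags=re.I):
        if claims_amazon and not is_amazon(host):
            hits.append(f"link to non-Amazon host: {host}")
    return hits

# Constructed samples modelled on the lure described above, not real campaign artefacts.
LURE = Email("rewards@amaz0n-giftcards.example", "Your $100 Amazon Gift Card",
             "Thank you for helping Amazon succeed. Load your gift card at "
             "http://cdn.example.net/Gift_Card.vbs", ["Amazon_Gift_Card.doc"])
BENIGN = Email("order-update@amazon.com", "Your order has shipped",
               "Track it at https://www.amazon.com/orders", [])

if __name__ == "__main__":
    for mail in (LURE, BENIGN):
        print(mail.subject, "->", triage(mail) or "clean")
```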

Dridex is an infamous banking Trojan that has been preying on Internet users since 2012. It primarily steals the credentials needed for online banking, though recent versions snatch other confidential data as well.

The operators of Dridex are a hacking group known as Evil Corp, which has made a lot of money from these attacks over a long period. It does not use the stolen bank information directly to steal money; instead it circulates the information on the dark web so that other attackers can commit further crimes. Nonetheless, it cannot be denied that they are the ones who have caused major harm to many firms and companies.

“It is not about the losses suffered personally by the individual victims. Companies that have to pay for consumer harm suffer damages, and society bears the cost when those incidents have to be reviewed and investigated,” Dahan says. Moreover, if Dridex is planted in key institutions, highly confidential and proprietary knowledge, such as intellectual property, could be compromised.

So how do you defend yourself against an attack of this kind? “You just need to have common sense and not be blinded by greed.” Why would Amazon give consumers $100 for free? Where in the world are such firms? Businesses do not give away good things without a price; common sense should tell you that. Anything that looks this good must be questioned.

Dahan emphasizes that checking the sender's email address is also basic. Of course, the attackers can alter the email address to make it look real. However, they very frequently make mistakes, such as a typo elsewhere. An official Amazon email address and body contain few typos, and grammatical errors likewise occur only in fake mail. And when you click the link, do you land on a login page?