3 min read

PC users warned of Dridex malware attack, targeting online bankers


October 14, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
PC users warned of Dridex malware attack, targeting online bankers

Do you bank online? Chances are if you’re reading an online blog that you also value the convenience that an internet bank account can give you. But, the ease of online banking comes at a price – and that price is the risk that internet criminals might be attempting to infect your computer with a view to breaking into your electronic bank account.

Today it has been announced that law enforcement agencies around the globe have thrown a spanner into the works of a malware campaign that has earnt its criminal masters’ (who allegedly called themselves “Evil Corp”) at least $50 million.

The malware, known as Dridex (but also sometimes known as Dyre, Bugat or Cridex), was used to target banking customers in Europe, and typically spread through boobytrapped Word and Excel documents that the fraudsters spammed out.


Using a variety of disguises, including innocent-looking fax messages, the criminals used social engineering techniques to lure computer users into opening poisoned attachments.

For over twenty years computer users have been warned to beware unsolicited email attachments that could be carrying malicious payloads designed to infect and compromise PCs, and yet such tactics continue to be a key weapon in the cybercriminal’s arsenal.

Users who received the malicious Microsoft Office files were tricked into enabling macros for the infection process to begin, downloading further malicious code from the net. Twenty years after the first macro viruses spread rapidly around the world thanks to Microsoft embedding a programming language into its Office suite, the problem had come back to haunt users.


Once in place, the Dridex malware silently waited on the infected computer, spying on which websites users were visiting.

And then, as soon as a computer visited a banking website, it could use HTML injection techniques to trick victims into entering their login details on a phishing site rather than the genuine bank’s site, handing their credentials straight into the hands of the online criminals.

And what if your bank used two factor authentication, sending your mobile phone an SMS message with a random number that you had to use to confirm that you wished to transfer funds out of the account into one run by the criminals?

Well, the bad guys had thought about that too. In some cases they tricked unsuspecting users into installing apps onto their smartphones, believing them to be legitimate banking apps – these malicious apps would themselves intercept SMS messages sent by the bank, and forward them to the criminals.

In September, researchers at Fujitsu uncovered a vast database of 385″€°million addresses that they said the Dridex gang were targeting with the intention of stealing financial information.

However, today the UK’s National Crime Agency has announced that it – working with international partners such as the FBI’s National Cyber Crime Unit – are ‘sinkholing’ Dridex, effectively hampering the criminals’ ability to communicate with infected computers. In this way a large portion of the Dridex botnet is now being declared “harmless”.

The writing seemed to be on the wall for Dridex, when – as Hot for Security previously reported – Andrey Ghinkul, a 30-year-old Moldovan living in Cyprus, and allegedly a key player in “Evil Corp”, was arrested last month.

As The Guardian reports, US law enforcement has alleged that Ghinkul and other members of “Evil Corp” attempted to transfer almost $1 million from a Pennsylvania school district’s bank account, and managed to steal over $3.56 million from Penneco Oil.

So, what can you do to prevent yourself from being hit by a malware attack like this in future?

  • Be wary of opening unsolicited attachments – especially if they are capable of harbouring malicious code, such as EXE, PDF, XLS, DOC, and other formats.
  • Keep your anti-virus software current by ensuring it automatically updates itself
  • Make backups of your valuable data
  • Where available, enable two-factor authentication to tighten control over your online bank account
  • Always use complex, unique passwords for each site you access on the internet. As you won’t be able to remember many strong passwords, use a password manager to help you.
  • Be careful to only install only legitimate banking apps on your smartphone, as some Dridex attacks attempted to steal security codes as they were sent via SMS to banking users’ mobiles.
  • Keep your computer security up-to-date by applying operating system and software patches

Take care folks.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like