Dridex
Dridex, also known as Bugat and Cridex, is a form of malware that specializes in stealing bank credentials via a system that utilizes macros from Microsoft Word. The targets of this malware are Windows users who open an email attachment in Word or Excel, causing macros to activate and download Dridex, infecting the computer and opening the victim to banking theft. The primary objective of this software is to steal banking information from users of infected machines in order to immediately launch fraudulent transactions. To capture bank information, the software installs a keyboard listener and performs injection attacks. During 2015, theft caused by this software was estimated at £20 million in the United Kingdom and $10 million in the United States. By 2015, Dridex attacks had been detected in more than 20 countries. In early September 2016, researchers spotted initial support for targeting cryptocurrency wallets. In December 2019, US authorities filed charges against two suspects believed to have created the Dridex malware, including the group's alleged leader.
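Because the infection chain described above starts with a macro-bearing Word or Excel attachment, a mail gateway can flag such attachments before a user ever opens them. The following added example (not code from the article or from any named vendor) inspects an OOXML attachment for an embedded VBA project and for a macro project hidden behind a non-macro file extension; the sample documents are constructed in memory, and the part names and extension lists are the standard OOXML ones.

```python
import io
import zipfile

# VBA macros in OOXML (Word/Excel) packages live in these zip members.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin")
# Extensions that are expected to carry macros.
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam")


def attachment_findings(name, data):
    """Return a list of findings for one attachment (empty list = nothing flagged)."""
    findings = []
    lower = name.lower()
    if lower.endswith(MACRO_EXTENSIONS):
        findings.append("macro-enabled extension")
    if not data.startswith(b"PK\x03\x04"):
        # Not a zip container: legacy .doc/.xls are OLE files and need a separate parser.
        if lower.endswith((".doc", ".xls")):
            findings.append("legacy binary Office format (macros not inspectable here)")
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = set(pkg.namelist())
    except zipfile.BadZipFile:
        findings.append("malformed OOXML package")
        return findings
    if any(part in names for part in VBA_PARTS):
        findings.append("embedded VBA project")
        if not lower.endswith(MACRO_EXTENSIONS):
            # A macro project behind .docx/.xlsx/.doc is a classic evasion worth its own alert.
            findings.append("macro project despite non-macro extension")
    return findings


def build_package(parts):
    """Constructed sample: build a minimal OOXML-like zip in memory from {path: body}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for path, body in parts.items():
            pkg.writestr(path, body)
    return buf.getvalue()


# Constructed sample attachments (not real Dridex lures).
CLEAN_DOCX = build_package({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
MACRO_DOCM = build_package({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>",
                            "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder VBA project"})

if __name__ == "__main__":
    for fname, blob in [("invoice.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCM), ("invoice.docx", MACRO_DOCM)]:
        print(fname, attachment_findings(fname, blob))
```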


Evil Corp

Evil Corp (also known as Dridex and INDRIK SPIDER) is a Russian hacking group that has been active since 2009. In 2019, the Federal Bureau of Investigation (FBI) named nine alleged members of the group, accusing them of extorting or stealing over $100,000,000 through hacks that affected 40 countries. The United States Department of the Treasury additionally imposed sanctions against the group. In November 2021, the British Broadcasting Company published an investigation which found that the two alleged leaders of the group were living openly in Russia. In June 2022, Mandiant reported that Evil Corp was using off-the-shelf ransomware, such as LockBit, to conceal who they are and evade sanctions. The Office of Foreign Assets Control sanctioned Evil Corp in December 2019 over the development and use of the Dridex malware. People in the United States were banned from "engaging in transactions" with Evil Corp. People outside the US may be subject to secondary sanctions for knowingly facilitating significant transactions with Evil Corp. The US government also charged two members of the gang and offered a reward of $5 million. Mandiant has also linked the group to the threat actor UNC2165. Emsisoft analysts said in December 2021 that they suspected that a ransomware infection in which REvil was a suspect was in fact the work of Evil Corp.


See also

* Botnet
* Conficker
* Gameover ZeuS
* Operation Tovar
* Timeline of computer viruses and worms
* Tiny Banker Trojan
* Torpig
* Zeus (malware)
* Zombie (computer science)

