Dridex’s Hijacker White-Hat Hacker Delivers Avira AV in Place of Payload


The criminal hacking group Evil Corp. owns and operates the Dridex Trojan, which is notorious for stealing banking information. Dridex was a highly successful botnet that earned its operators several million dollars, but it largely ceased operating after a key gang member was arrested in Paphos, Cyprus, following his attempt to defraud a bank of USD 3.5m (EUR 3.12m).

German firm Avira Operations, maker of the Avira anti-virus, reports that some unknown party appears to have tampered with the Trojan's distribution, partly preventing it from delivering its malicious payload: in place of the malicious links, the distribution infrastructure now serves downloaders for an anti-virus tool. Specifically, the server files behind the URL that downloads Dridex were replaced with the latest, up-to-date version of Avira AV's web installer.

Before this incident, Dridex's usual modus operandi was to spread via spam e-mails carrying malware-laced Word documents. If a recipient downloaded and opened one, they were prompted to enable Macros, a Word feature that lets the application run a series of automated operations. In this campaign, the macros in the malicious Word documents downloaded and installed Dridex. Softpedia.com reported this on February 8, 2016.
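The infection chain above rests on the recipient enabling macros in an Office attachment, so a mail gateway or triage script that flags macro-enabled documents before they reach a user catches this stage cheaply. The following is an added example, not code from the original article or from Avira: it builds two constructed, minimal OOXML containers in memory (one with a stub VBA project part, one without) and checks them for the standard indicators of embedded macros, the `word/vbaProject.bin` part and the macro-enabled content types in `[Content_Types].xml`. Legacy binary `.doc` files are not zip containers and are reported as needing separate inspection.

```python
import io
import zipfile

# Real OOXML content types used by macro-enabled Word documents.
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)
VBA_PART_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML zip in memory (a constructed sample, not a real lure)."""
    main_type = MACRO_MAIN_TYPE if with_macro else PLAIN_MAIN_TYPE
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    if with_macro:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_PART_TYPE}"/>'
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f"{overrides}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project; not real macro code.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0-constructed-stub")
    return buf.getvalue()


def find_macro_indicators(data: bytes) -> list[str]:
    """Return human-readable reasons a document looks macro-enabled (empty = none found).

    Raises ValueError for files that are not OOXML zip containers (e.g. legacy .doc),
    which need an OLE-aware parser rather than this check.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("not an OOXML container; inspect as legacy OLE document") from exc

    reasons: list[str] = []
    with zf:
        names = zf.namelist()
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                reasons.append(f"VBA project part present: {name}")
        if "[Content_Types].xml" in names:
            ct = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
            if "macroEnabled" in ct:
                reasons.append("content type declares a macro-enabled document")
            if VBA_PART_TYPE in ct:
                reasons.append("content type registers a vbaProject part")
    return reasons


def is_macro_enabled(data: bytes) -> bool:
    """Gateway-style verdict: True when any macro indicator is present."""
    return bool(find_macro_indicators(data))


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_doc(False)), ("macro", build_sample_doc(True))):
        verdict = "QUARANTINE" if is_macro_enabled(doc) else "allow"
        print(f"{label}: {verdict} {find_macro_indicators(doc)}")
```

The check deliberately looks at both the part name and the declared content types, because a document can be renamed from `.docm` to `.docx` without changing its contents; only the container's internals reveal the macro project.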

Whenever a Dridex victim tries to log into a banking website, the Trojan intercepts the session and redirects the user to a fake web page that looks identical to the real bank's site. The goal is to capture the victim's account log-in credentials so the criminals can carry out fraudulent transactions in his name.

It appears that someone compromised the CnC servers and redirected every inbound download request to a new file, namely the Avira AV installer. CnC servers are frequently hacked by rival cyber gangs seeking to strengthen their own botnets. A white-hat hacker compromising the CnC, however, recalls last October's Linux.Wifatch incident, in which a white-hat hacker group calling itself The White Team developed a new malware family that infected vulnerable IoT devices and then attempted to improve their defenses.

When Avira started out it offered its product free of charge, and to a large extent it still does.

» SPAMfighter News - 2/15/2016

