Banker Trojan Dridex’s New Strains to Attack Crypto-Currency Wallets

Dridex malware strains, which have surfaced in new incarnations, appear to indicate that their forthcoming attacks will be on crypto-currency wallets. The malware, originally a banker Trojan, will chiefly target owners of Bitcoin wallets like never before. It'll scan infected computers to determine presence of widely used crypto-currency wallets, especially Ethereum and Bitcoin.

Crooks operating the new Dridex have aides busy all through the hours making the Trojan's source code up to date by including fresh features as well as fresh methods so that they would enable the malware bypass security software.

One just published report from Forcepoint outlines certain low-level script modifications which let Dridex get around anti-malware solutions and malware researchers, during the recent months. However, there are also a few evidences in the report regarding Dridex's future activities.

A highly significant and attention grabbing modification relates to the Trojan's configuration file. Whilst earlier this file was dispatched to Dridex's targeted servers from the malware's command and control server within one clear-text XML document, currently it's spread looking like one encrypted binary form.

Nevertheless, a highly enthusiastic and noticeable modification relates to the Trojan's present capability for prohibiting dubious hosts. Virusguides.com posted this online dated September 7, 2016.

Dridex's mode of attack is not blunt rather it's far more sophisticated. During the first phase, Dridex loader collects details regarding each host computer like its name; operating system's type, installation date and version; along with system's info for instance the various loaded software's names. In the second phase, the Trojan uploads these collected details onto its servers.

Forcepoint's security investigators state that Dridex is already capable for logging credentials related to Internet banking websites, accessing point of sale software, as well as using backend banking programs. Moreover, since at present it's compiling one database of widely used crypto-currency wallets, there's great possibility that Dridex's upcoming versions will manage in stealing various digital currencies, in particular, Bitcoins. Bitcoin wallets' popular names are Bitcore, Coinbase, BreadWallet and CoinsBank.

It seems it'll be hard thwarting this latest Dridex incarnation, while one fresh feature will try banning PCs that security researchers will use.

» SPAMfighter News - 9/14/2016