Dridex's Creators Want to Steal Your Bitcoin Wallet
Recent Research Suggests That Dridex Will Soon Target Cryptocurrency Wallets
The Dridex banking Trojan (previously known as Cridex and also referred to as Bugat) has been around for quite some time now. At the beginning of the year, researchers observed a decline in its popularity when numerous ransomware families emerged and provided cyber criminals with a more hassle-free way of stealing money. That said, Dridex is not dead. Far from it. Experts at Forcepoint recently examined some new samples and came to the conclusion that over the last few months, the Trojan has received a couple of interesting new features.
Dridex Doesn't Want to Be Reverse Engineered
The Dridex infection doesn't happen immediately. First, the victim inadvertently downloads a piece of malware called the Dridex loader, either through a drive-by download or via macro instructions embedded in a Word document. The loader then collects details about the host, such as the version of the OS, the OS's installation date, and the installed software, and sends them to the C&C server. After this, the server responds by sending the module that steals your login credentials.
By having a database of infected machines, the hackers have been able to compile a blacklist of PCs that they think belong to security researchers. They have made a mistake, though.
The blacklist was put together based on the installed security and reverse engineering software, but the malware will only stop the infection if it finds a match in the username or the OS installation date. Thanks to this, Forcepoint's experts were able to continue their research and uncover one more interesting aspect of Dridex's most recent versions.
Dridex Could Soon Be After Your Cryptocurrency Wallet
It would appear that Dridex now scans the infected system for cryptocurrency wallet software. For the time being, there are no known cases of missing bitcoins because of Dridex, but researchers reckon that the hackers won't scan for cryptocurrency wallets just for the fun of it. Not surprisingly, the list of potential targets includes the most popular wallet options on the market, such as Bitcore, BreadWallet, Coinbase, and CoinsBank, among others. Apparently, the threat actors have decided that stealing regular money just isn't enough, and they're turning their attention to digital currency.
Their greed aside, Dridex's latest features show that one of the most dangerous banking Trojans is here to stay.