silversurfer
A large-scale threat actor called TA575, which has been on researchers’ radar since late 2020, is moving across major US industries via Squid Game-themed emails containing laced attachments. These emails pose as coming from Netflix and pretend to offer early access to the show’s latest season or a role in the show, either one asking the victim to open an attached document to fill in some information.
The attachments are usually in compromised Excel docs format and contain malicious code execution macros. Once they are opened, if the user enables macros, the Dridex banking trojan affiliate id “22203” is downloaded from Discord URLs. The successful Dridex banking trojan is disseminated by several affiliates and can result in data theft and the installation of additional malware such as ransomware.
Source: proofpoint
‘Squid Game’ Lures Used by Actors to Distribute Dridex Malware
www.technadu.com