‘Squid Game’ Lures Used by TA575 to Distribute Dridex Malware

[silversurfer]

Content source

https://www.technadu.com/squid-game-lures-used-by-actors-to-distribute-dridex-malware/309794/

A large-scale threat actor called TA575, which has been on researchers’ radar since late 2020, is moving across major US industries via Squid Game-themed emails containing laced attachments. These emails pose as coming from Netflix and pretend to offer early access to the show’s latest season or a role in the show, either one asking the victim to open an attached document to fill in some information.

The attachments are usually in compromised Excel docs format and contain malicious code execution macros. Once they are opened, if the user enables macros, the Dridex banking trojan affiliate id “22203” is downloaded from Discord URLs. The successful Dridex banking trojan is disseminated by several affiliates and can result in data theft and the installation of additional malware such as ransomware.

Source: proofpoint​

‘Squid Game’ Lures Used by Actors to Distribute Dridex Malware

A Squid Game theme is the latest lure used by threat actors' email campaigns to get victims to click. The TA575 actor sends emails that appear to come from Netflix, urging recipients to open an attached document and fill some information in it. It uses the Dridex malware, which combines many...

www.technadu.com

 

[LASER_oneXM]

TA575 criminal group using 'Squid Game' lures for Dridex malware

The emails come with subject lines saying things like "Squid Game is back, watch new season before anyone else," or pretend to offer victims a spot in the cast of the show's second season.

www.zdnet.com