‘Squid Game’ Lures Used by TA575 to Distribute Dridex Malware

silversurfer

Level 84
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,565
A large-scale threat actor called TA575, which has been on researchers’ radar since late 2020, is moving across major US industries via Squid Game-themed emails containing laced attachments. These emails pose as coming from Netflix and pretend to offer early access to the show’s latest season or a role in the show, either one asking the victim to open an attached document to fill in some information.

The attachments are usually in compromised Excel docs format and contain malicious code execution macros. Once they are opened, if the user enables macros, the Dridex banking trojan affiliate id “22203” is downloaded from Discord URLs. The successful Dridex banking trojan is disseminated by several affiliates and can result in data theft and the installation of additional malware such as ransomware.


Source: proofpoint​