Dridex Banking Trojan, RMS RAT Dropped via Fake eFax Messages

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Researchers from Cofense have discovered a new malspam campaign that delivers fake eFax messages designed to drop a banking Trojan and RAT cocktail via malicious Microsoft Word document attachments.

The phishing emails that impersonate eFax messages include ZIP archived XLS Microsoft Excel documents with a macro designed to download and launch Dridex and Remote Manipulator System Remote Access Tool (RMS RAT) malicious payloads.

The attackers use the two payloads to perform different tasks: the Dridex banking Trojan to collect credentials from web browsers and to exfiltrate them to their own servers, and the RMS RAT for managing the infected computers.

Cofense's research team also added that "And having both available provides a backup communication channel in case one of the malware families is detected and removed."

Phishing email sample

Phishing email sample
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top