Dridex Malware Now Attacking macOS Systems with Novel Infection Method

silversurfer
A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to the latest research.

It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel Pedragoza said in a technical report.
"While the macro feature in Microsoft Word is disabled by default, the malware will overwrite all the document files for the current user, including the clean files," Pedragoza explained. "This makes it more difficult for the user to determine whether the file is malicious since it doesn't come from an external source."

The macros included in the overwritten document are engineered to contact a remote server to retrieve additional files, which include a Windows executable file that will not run in macOS, indicating that the attack chain is a work in progress. The binary, in turn, attempts to download the Dridex loader onto the compromised machine.

"Currently, the impact on macOS users for this Dridex variant is minimized since the payload is an exe file (and therefore not compatible with MacOS environments)," Trend Micro said. "However, it still overwrites document files which are now the carriers of Dridex's malicious macros."
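As an added defender-side example (not from the Trend Micro report or this post), the script below hunts for the pattern described above: Word files under a user's folder that carry a VBA project and were all modified within a short window, which is what a mass overwrite of clean documents would look like on disk. The thresholds, file names and the sample tree are constructed for illustration, and the legacy .doc check is a byte-marker heuristic rather than a full OLE parse.

```python
import os
import tempfile
import zipfile
from pathlib import Path

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
WORD_EXTS = {".doc", ".dot", ".docx", ".docm", ".dotx", ".dotm"}
# Stream/storage names legacy (OLE2) Word files use for VBA, stored as UTF-16LE.
OLE_VBA_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT")]


def has_macros(path: Path) -> bool:
    """True if the Word file carries a VBA project (OOXML) or VBA streams (OLE2 heuristic)."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    data = path.read_bytes()
    return data.startswith(OLE_MAGIC) and any(m in data for m in OLE_VBA_MARKERS)


def find_overwritten_docs(root, window=600, min_count=3):
    """Return the macro-bearing Word files under root and whether at least
    min_count of them were modified within `window` seconds of each other."""
    hits = sorted((p.stat().st_mtime, p) for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() in WORD_EXTS and has_macros(p))
    burst = False
    for i in range(len(hits) - min_count + 1):
        if hits[i + min_count - 1][0] - hits[i][0] <= window:
            burst = True  # a run of min_count macro docs touched inside the window
            break
    return [p for _, p in hits], burst


def make_sample_tree(dest=None) -> Path:
    """Constructed sample data: three macro docs touched seconds apart plus one clean file."""
    root = Path(dest) if dest else Path(tempfile.mkdtemp())
    base = 1_700_000_000  # fixed epoch so the modification times are deterministic
    for i, name in enumerate(("invoice.docm", "notes.docm", "thesis.docm")):
        with zipfile.ZipFile(root / name, "w") as z:
            z.writestr("word/document.xml", "<w:document/>")
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA container
        os.utime(root / name, (base + i, base + i))
    with zipfile.ZipFile(root / "clean.docx", "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    os.utime(root / "clean.docx", (base - 86400, base - 86400))
    return root


if __name__ == "__main__":
    docs, burst = find_overwritten_docs(make_sample_tree())
    print(f"macro docs: {[p.name for p in docs]}, mass-overwrite pattern: {burst}")
```

On a real machine, point `find_overwritten_docs` at the user's home directory; a burst result is a signal to pull the affected files for analysis, not proof of infection on its own.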