vemn

Level 6
Malware Hunter
The Dridex banking Trojan has been updated and now sports a new injection method for evading detection based on the technique known as AtomBombing.

Atom tables are a function of the Windows operating system that allows applications to store and access temporary data and to share data between applications. An attacker can write malicious code into an atom table and force a legitimate program to retrieve it from the table, researchers describe.


 

Winter Soldier

Level 25
:D ...indeed, the code is executed when it is loaded and this happens in:

thread = CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary("kernel32.dll"), "LoadLibraryA"), remoteBuff, 0, &threadId); // remote thread whose entry point is kernel32!LoadLibraryA, with remoteBuff as its argument
 
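The CreateRemoteThread/LoadLibraryA pattern quoted above is exactly what endpoint telemetry such as Sysmon Event ID 8 records (source image, target image, start module and start function of the new thread). The following is an added detection example, not code from the thread or from any product; the events are constructed samples shaped like those fields, not real telemetry.

```python
"""Flag cross-process CreateRemoteThread events whose entry point is a
LoadLibrary* export or lies in unbacked memory (no StartModule).
The sample events below are constructed for this example."""

# Thread start functions that a legitimate cross-process thread rarely uses
SUSPICIOUS_START = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

SAMPLE_EVENTS = [  # constructed, shaped like Sysmon Event ID 8 fields
    {"SourceProcessId": 4120, "SourceImage": r"C:\Users\u\AppData\Roaming\x.exe",
     "TargetProcessId": 2304, "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"SourceProcessId": 616, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 2304, "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "RtlUserThreadStart"},
    {"SourceProcessId": 4120, "SourceImage": r"C:\Users\u\AppData\Roaming\x.exe",
     "TargetProcessId": 2304, "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": "", "StartFunction": ""},
    {"SourceProcessId": 2304, "SourceImage": r"C:\Windows\explorer.exe",
     "TargetProcessId": 2304, "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
]


def classify(ev):
    """Return a reason string if the event looks like remote injection, else None."""
    # Threads a process creates in itself are normal; only cross-process ones matter
    if ev["SourceProcessId"] == ev["TargetProcessId"]:
        return None
    if ev["StartFunction"] in SUSPICIOUS_START:
        return "loadlibrary-thread"      # classic DLL injection entry point
    if not ev["StartModule"]:
        return "unbacked-start-address"  # entry point not inside any loaded module
    return None


def find_suspicious(events):
    """Return (source, target, reason) for every event that classify() flags."""
    return [(e["SourceImage"], e["TargetImage"], reason)
            for e in events if (reason := classify(e))]


if __name__ == "__main__":
    for src, dst, why in find_suspicious(SAMPLE_EVENTS):
        print(f"{why}: {src} -> {dst}")
```

A real rule would also whitelist known debuggers and EDR agents that legitimately create remote threads, otherwise the LoadLibrary check alone produces noise.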

MalwareTips Bot

Robot
Verified
Content Creator
Dridex v4 is making a comeback with new capabilities that make it even harder to detect.

Dridex Trojan, one of the most destructive banking Trojans to hit the Internet, has just been given an update with a new injection method that makes it even harder to detect, taking advantage of AtomBomb, IBM X-Force reports.

AtomBombing, unlike some other common injection techniques used in the wild, is meant to make evading security software a breeze.

"In this release, we noted that special attention was given to dodging antivirus products and hindering research by adopting a series of enhanced anti-research and anti-AV capabilities," reads the new research.

This new Dridex version doesn't rely on AtomBombing entirely, using only a part of the exploit for its purpose. It seems that the malware authors used the AtomBombing technique for the writing of the payload, before switching to a different method to achieve execution permission, as well as for the execution itself.

Read more: Dridex Banking Trojan Now Uses AtomBombing to Avoid Detection
 

Winter Soldier

Level 25
A technical contextualization of these malware always seems more complex, given their fast evolution.
It is an endless race, a cat-and-mouse game.
I believe a greater awareness of the user is crucial, seeing that very often social engineering is the basis of these attacks.
 

Arequire

Level 25
Verified
Content Creator
but ... updated antivirus can destroy this kind of virus ... is it possible to destroy trojans? can they be destroyed easily?
If it has signatures for it then sure, but if it doesn't then you're reliant on a product's behavioral blocking ability and whether that blocks it before Dridex encrypts your files is another matter altogether.
 