Dridex Returns, Targets MacOS Using New Entry Method
The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users.
Normally, documents containing malicious macros enter a user’s system via email attachments posing as normal document files. However, while this might be the primary method of arrival, malicious actors have other ways of entering a victim’s system.
This blog entry primarily concerns Dridex, an online banking malware that has been active for years. The variant we analyzed has made its way into the MacOS platform and has adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files.
The Dridex sample we investigated arrived as a Mach-o executable file: a.out (which we detected as Trojan.MacOS.DRIDEX.MANP). The first submission for this in Virus Total (VT) dates to 2019, where it was tagged as malicious by security vendors with no specific detection names.
The data segment of the