Dridex Returns, Targets MacOS Using New Entry Method


The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users.

By: Armando Nathaniel Pedragoza, January 05, 2023

Normally, documents containing malicious macros enter a user’s system via email attachments posing as normal document files. However, while this might be the primary method of arrival, malicious actors have other ways of entering a victim’s system.

This blog entry primarily concerns Dridex, online banking malware that has been active for years. The variant we analyzed has made its way onto the MacOS platform and has adopted a new technique for delivering documents embedded with malicious macros to users, without the documents having to pose as invoices or other business-related files.

The Dridex sample we investigated arrived as a Mach-O executable file named a.out (which we detect as Trojan.MacOS.DRIDEX.MANP). The first submission of this file to VirusTotal (VT) dates to 2019; at that point several security vendors flagged it as malicious, but none assigned it a specific detection name.

Figure 1. Mach-O regions containing the header, load commands, and segments of the file

Figure 2. Detections of a.out from April 2019 to December 2022
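The regions named in Figure 1 (header, load commands, segments) are exactly what an analyst walks when triaging a Mach-O like a.out. As an added example that is not part of the original post and not code from the sample, the Python script below parses a thin Mach-O header and its LC_SEGMENT / LC_SEGMENT_64 load commands, carves each segment's file range, and scans the carved bytes for the magic of OLE2 (legacy .doc) and ZIP (OOXML .docm) containers. The input is a constructed minimal x86_64 Mach-O built inline, and the embedded-document scan is a generic triage heuristic: the page does not state where or in what form the sample stores the document it delivers.

```python
import struct

# Mach-O constants from <mach-o/loader.h>
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
CPU_TYPE_X86_64, MH_EXECUTE = 0x01000007, 2

# Container magics an analyst looks for when a binary is suspected of carrying a macro document.
DOC_MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2/CFB (legacy .doc/.xls, may carry VBA)",
    b"PK\x03\x04": "ZIP (OOXML .docm/.xlsm or other archive)",
}


def parse_macho(data):
    """Parse a thin (non-fat) Mach-O image; return (header dict, list of segment dicts)."""
    if len(data) < 4:
        raise ValueError("too short for a Mach-O magic")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in (MH_MAGIC_64, MH_MAGIC):
        endian, is64 = "<", magic == MH_MAGIC_64
    elif magic in (MH_CIGAM_64, MH_CIGAM):
        endian, is64 = ">", magic == MH_CIGAM_64   # byte-swapped image
    else:
        raise ValueError("not a thin Mach-O (magic 0x%08x)" % magic)
    hdr_fmt = endian + ("IiiIIIII" if is64 else "IiiIIII")  # 64-bit header has a reserved field
    hdr_len = struct.calcsize(hdr_fmt)
    if len(data) < hdr_len:
        raise ValueError("truncated Mach-O header")
    fields = struct.unpack_from(hdr_fmt, data, 0)
    names = ("magic", "cputype", "cpusubtype", "filetype", "ncmds", "sizeofcmds", "flags")
    header = dict(zip(names, fields[:7]))
    header["is64"] = is64

    segments = []
    off, end = hdr_len, hdr_len + header["sizeofcmds"]
    for _ in range(header["ncmds"]):
        if off + 8 > end or end > len(data):
            raise ValueError("load commands overrun sizeofcmds/file")
        cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd in (LC_SEGMENT_64, LC_SEGMENT):
            seg_fmt = endian + ("16sQQQQiiII" if cmd == LC_SEGMENT_64 else "16sIIIIiiII")
            name, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, sflags = \
                struct.unpack_from(seg_fmt, data, off + 8)
            segments.append({
                "name": name.rstrip(b"\x00").decode("ascii", "replace"),
                "vmaddr": vmaddr, "vmsize": vmsize,
                "fileoff": fileoff, "filesize": filesize,
                "initprot": initprot, "nsects": nsects,
            })
        off += cmdsize   # skip non-segment commands (dylibs, entry point, ...) by size
    return header, segments


def carve_segment(data, seg):
    """Return the file-backed bytes of a segment, refusing ranges that run off the file."""
    start, stop = seg["fileoff"], seg["fileoff"] + seg["filesize"]
    if stop > len(data) or start > stop:
        raise ValueError("segment %s points outside the file" % seg["name"])
    return data[start:stop]


def find_embedded_documents(blob):
    """Return sorted (offset, description) hits for document-container magics inside blob."""
    hits = []
    for magic, desc in DOC_MAGIC.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def triage(data):
    """Per-segment summary: (name, fileoff, filesize, document hits). Hits are leads, not proof."""
    header, segs = parse_macho(data)
    return header, [(s["name"], s["fileoff"], s["filesize"],
                     find_embedded_documents(carve_segment(data, s))) for s in segs]


def build_sample():
    """Constructed minimal x86_64 Mach-O (not the real a.out): __TEXT plus a __DATA segment
    whose contents begin, after 8 bytes of padding, with an OLE2 compound-file header."""
    text_payload = b"\x90" * 16                                        # constructed code bytes
    data_payload = b"\x00" * 8 + b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
    hdr_len, seg_len = 32, 72
    text_off = hdr_len + 2 * seg_len
    data_off = text_off + len(text_payload)

    def seg(name, vmaddr, fileoff, payload, initprot):
        return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, seg_len, name, vmaddr,
                           len(payload), fileoff, len(payload), 7, initprot, 0, 0)

    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_X86_64, 3, MH_EXECUTE,
                         2, 2 * seg_len, 0, 0)
    return (header
            + seg(b"__TEXT", 0x100000000, text_off, text_payload, 5)   # r-x
            + seg(b"__DATA", 0x100001000, data_off, data_payload, 3)   # rw-
            + text_payload + data_payload)


if __name__ == "__main__":
    hdr, report = triage(build_sample())
    print("ncmds=%d is64=%s" % (hdr["ncmds"], hdr["is64"]))
    for name, fileoff, filesize, hits in report:
        print("%-8s fileoff=%-4d filesize=%-4d hits=%s" % (name, fileoff, filesize, hits))
```

For a real sample, read the file in binary mode and pass the bytes to triage(); universal (fat) binaries carry a 0xCAFEBABE header and must first be split into their thin slices, which this parser deliberately rejects rather than misreading. A ZIP or OLE2 magic inside a data segment is a lead to carve and inspect with a document-analysis tool, not by itself evidence of a malicious macro.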

The data segment of the
