Satisnet Ltd, Basepoint Innovation Centre, 110 Butterfield Great Marlings, Luton, Bedfordshire, LU2 8DL enquiry@satisnet.co.uk
+44 (0) 1582 434320

The updated Dridex version and its capabilities

The well-known Dridex Trojan has received an upgrade that equips the malware with a new, complex injection technique and a significantly stronger evasion capability, known as AtomBombing.

The latest version of the financial Trojan, version four, was discovered several weeks ago. The discovery of AtomBombing in the malware is the first known example of banking malware using this sophisticated technique.

IBM says the discovery is important because other criminal groups are likely to adapt their own Trojan code to become just as dangerous in the future, and banks must keep up with these evolving threats to ensure their customers are as safe as possible when using online systems.

Dridex is one of the most well-known dangerous Trojans to hit European financial institutions. The Trojan often penetrates victim PCs through malicious macros embedded in Microsoft documents or through web injection attacks, and once a system is compromised, steals online banking credentials and financial information.

Dridex was first spotted in 2014 after spreading through a spam campaign in the United Kingdom. The creators of Dridex have chosen to use only part of the AtomBombing technique. The malware copies a payload into a read-write memory space in the target process but uses a different method to write and execute the payload.

Instead of risking suspicious calls to Windows APIs, Dridex calls a virtual memory function to modify the memory already written into the target process.
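The behaviour just described, a cross-process write into read-write memory followed by a protection change on that same region, is something a defender can look for in endpoint telemetry. The following is an added example, not code from Satisnet, IBM or the ZDNet article: a small Python detector that runs over a constructed sensor log (the log format, API names such as `ProtectVirtualMemory`, process IDs and addresses are all assumptions made for this illustration) and flags a remote write whose target range is later made executable by the same source process.

```python
"""Detect "remote write, then make executable" sequences in constructed telemetry.

The telemetry format below is hypothetical: one event per line with
  seq src_pid dst_pid api address size protection
where '-' means the field does not apply. It stands in for whatever
cross-process memory events a real endpoint sensor records.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Protections that make a region executable (Windows constant names).
EXEC_PROTECTIONS = {
    "PAGE_EXECUTE",
    "PAGE_EXECUTE_READ",
    "PAGE_EXECUTE_READWRITE",
    "PAGE_EXECUTE_WRITECOPY",
}
# Assumed event names for "bytes land in another process" and for a
# protection change; adapt to the sensor's own vocabulary.
WRITE_APIS = {"WriteProcessMemory"}
PROTECT_APIS = {"ProtectVirtualMemory", "VirtualProtectEx"}


@dataclass(frozen=True)
class Event:
    seq: int
    src_pid: int
    dst_pid: int
    api: str
    address: int
    size: int
    protect: str  # empty string when not applicable


# Constructed sample log: seq 3 writes 512 bytes into pid 5200, seq 4 makes
# that same range executable, seq 6 is a benign same-process change and
# seq 7 is a write that is never followed by a protection change.
SAMPLE_LOG = """\
1 4100 4100 VirtualAlloc 0x1a0000 4096 PAGE_READWRITE
2 4100 4100 WriteMemory 0x1a0000 512 -
3 4100 5200 WriteProcessMemory 0x7ff0000 512 -
4 4100 5200 ProtectVirtualMemory 0x7ff0000 512 PAGE_EXECUTE_READ
5 4100 5200 CreateRemoteThread 0x7ff0000 0 -
6 6000 6000 ProtectVirtualMemory 0x220000 4096 PAGE_EXECUTE_READ
7 7000 7100 WriteProcessMemory 0x300000 64 -
"""


def parse_log(text: str) -> List[Event]:
    """Parse the hypothetical line format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, src, dst, api, addr, size, prot = line.split()
        events.append(Event(int(seq), int(src), int(dst), api,
                            int(addr, 16), int(size),
                            "" if prot == "-" else prot))
    return events


def _overlaps(a_start: int, a_size: int, b_start: int, b_size: int) -> bool:
    """True when the two [start, start+size) ranges share any byte."""
    return a_start < b_start + b_size and b_start < a_start + a_size


def detect_remote_write_then_exec(events: List[Event]) -> List[dict]:
    """Return one alert per protection change that makes a previously
    remotely-written range executable, keyed by (source, target) process."""
    pending: Dict[Tuple[int, int], List[Event]] = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.src_pid == ev.dst_pid:
            continue  # same-process changes are routine; not this pattern
        key = (ev.src_pid, ev.dst_pid)
        if ev.api in WRITE_APIS:
            pending.setdefault(key, []).append(ev)
        elif ev.api in PROTECT_APIS and ev.protect in EXEC_PROTECTIONS:
            for w in pending.get(key, []):
                if _overlaps(w.address, w.size, ev.address, ev.size):
                    alerts.append({
                        "src_pid": ev.src_pid,
                        "dst_pid": ev.dst_pid,
                        "write_seq": w.seq,
                        "protect_seq": ev.seq,
                        "protection": ev.protect,
                    })
                    break
    return alerts


def scan(text: str) -> List[dict]:
    """Convenience wrapper: parse then detect."""
    return detect_remote_write_then_exec(parse_log(text))


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print("ALERT:", alert)
```

The rule deliberately ignores same-process protection changes, which JIT compilers and packers perform constantly, and only correlates events between the same source and target process; a real deployment would also weight the result by whether a remote thread or APC subsequently starts in the newly executable range.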

The researchers say that Dridex's developers have also improved the Trojan's configuration encryption and persistence mechanisms.

Dridex V.4 is already out and actively attacking UK banks through redirection schemes and the malware's VNC RAT capabilities, which appear to have replaced the Trojan's web injection methods, once the most common way it targeted potential victims.

https://www.zdnet.com/article/dridex-trojan-updated-with-atombombing-eva...