Dridex is back to tormenting users. It has marked its return with a phishing attack that masquerades as invoices from QuickBooks. The ongoing campaign, which started on the 19th of April 2021, targets users of the accounting software and infects their devices.
What Transpired?
Researchers identified the recent attacks, in which the attackers launched an Intuit-themed malspam campaign targeting QuickBooks users with fake invoices and payment notifications.
- QuickBooks users all across the globe are targeted by this campaign. Most of its targets are located in the U.S. (14%), followed by Germany, South Korea, and India (11%), and the number is slated to rise.
- Additionally, Europe has been a prominent target, with countries like France and the U.K. (7%); Italy (4%); Sweden (3%); and Belgium, Canada, Switzerland, Austria, and the Netherlands (2%) being targeted.
- Nearly half of the spoofed emails have been traced to IP addresses in Italy, with the QuickBooks header adding a touch of legitimacy to the email.
- The attacker cleverly played with the sender names and subject lines to avoid various detection tools.
- Moreover, the attacker created a custom email body in an attempt to bypass anti-phishing and anti-spam mechanisms. The emails carry an Excel file containing a threat.
Recent Activity
Stealing banking information from infected users is the primary objective of the Dridex banking Trojan.
- Last month, a scam campaign delivered Dridex by impersonating emails from the IRS.
- An increase in Dridex-related network attacks, fueled by the Cutwail botnet, was observed.
Malicious emails masquerading as invoices from QuickBooks, when received by small businesses or organizations, can have severe security outcomes. Hence, organizations should understand the risks of such threats, train their employees to identify phishing emails, and deploy reliable anti-malware like eScan.