Analysis by: Cedrick Ramos

DRIDEX continues to make waves with yet another invoice spam run.

We recently spotted spammed emails supposedly containing an invoice. When users open the .DOC file attachment, it triggers the malicious macro detected by Trend Micro as TROJ_RTFDRIDEX.A. This malware is responsible for dropping the final DRIDEX payload detected as TSPY_DRIDEX.BYX.

A banking malware, DRIDEX typically employs macros as part of its social engineering ploy. When executed on the system, it can steal a wide array of data such as banking credentials and personal identifiable information.

Trend Micro protects its customers by detecting the spam and all related malicious files. We advise users to remain vigilant in opening emails and their file attachments, even these came from supposedly trusted sources.

 SPAM BLOCKING DATE / TIME: February 04, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2112