Dridex v4 Enters Operation AtomBombing, UK Banks Under Attack

Dridex, one of the worst banking Trojans to ever enter the financial malware scene, is back once again, and in better shape than before. New capabilities have been added to Dridex v4 that make it even harder to detect and counter.

Dridex’s code update and comeback were discovered by researchers from IBM X-Force. The new feature in question is called AtomBombing, an advanced injection technique that evades security software in quite a subtle manner.

Dridex Plus AtomBombing Equals Worse Attacks

The research team came across Dridex v4 several weeks ago, and that’s when the innovative injection technique was uncovered. It is based on a technique known as AtomBombing, which was first discovered by enSilo researchers in October last year.

The latest version of the malware doesn’t fully depend on AtomBombing, as it only uses a small part of the exploit for the final purpose. It appears that the malicious coders employed the AtomBombing technique to write the payload, and then turned to a different technique to achieve execution permission.

In addition, Dridex is the only banking Trojan to employ AtomBombing, making it even more sophisticated and threatening. The addition of this technique only means that other organized cybercrime gangs will also start adopting the methodology, leading to a series of upcoming dreadful attacks.

Even worse, this is not the only improvement. A major upgrade has been made to the Trojan’s configuration encryption. The change implements a modified naming algorithm, “a robust but easy-to-spot persistence mechanism and a few additional enhancements”, as explained by the research team.

Dridex v4 Already Making Rounds in the Wild

IBM Security detection indicates that the nefarious banker is already out and about, and is being spread in active campaigns primarily against banks in the UK.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
