Dridex, one of the worst banking Trojans ever to enter the financial malware scene, is back once again, and in better shape than before. New capabilities have been added to Dridex v4 that make it even harder to detect and counter.
The code update and comeback of Dridex were discovered by researchers from IBM X-Force. The new feature in question is called AtomBombing, an advanced injection technique that serves to evade security software in a subtle manner.
Dridex Plus AtomBombing Equals Worse Attacks
The research team came across Dridex v4 several weeks ago, and that’s when the innovative injection technique was uncovered. It is based on a technique known as AtomBombing, which was first discovered by enSilo researchers in October last year.
The latest version of the malware does not fully depend on AtomBombing; it uses only a small part of the technique. What appears to be the case is that the malware's authors employed the AtomBombing technique to write the payload into the target process, and then turned to a different technique to obtain execution permission.
In addition, Dridex is the only banking Trojan to employ AtomBombing, making it even more sophisticated and threatening. The addition of this technique also suggests that other organized cybercrime gangs will start adopting the methodology, leading to a series of dreadful attacks to come.
Even worse, this is not the only improvement. A major upgrade has been made to the Trojan's configuration encryption. The change implements a modified naming algorithm, "a robust but easy-to-spot persistence mechanism and a few additional enhancements", as explained by the research team.
Dridex v4 Already Making Rounds in the Wild
IBM Security detection indicates that the nefarious banker is already out and about, and is being spread in active campaigns aimed primarily at banks in the UK.