This malware attacks macOS, be careful with your sensitive data!


Mathieu Grumiaux

January 07, 2023 at 11:50 a.m.


© Pexels / Ricardo Ortiz

A new version of the Dridex malware is currently targeting Macs in order to spread to large numbers of computers.

Dridex is already known to Windows PC users, but this is the first time it has hit macOS. To achieve this, the attackers have changed their mode of operation.

A well-known malware that siphons user data using macros

Dridex, also called Bugat and Cridex, is an information stealer developed by the infamous Evil Corp group, which uses macros in Microsoft’s Excel or Word software to retrieve large amounts of data. This software is also used in the business environment.

It comes in the form of a file distributed through phishing campaigns. Once opened, a Word document appears on the screen and launches automatic macros, which siphon all the data present and send it to a remote server by establishing a connection between the machine and that server.

On macOS, the starting principle is basically the same. The attackers use a Mach-O file, which has the extension .o, .dylib or .bundle. These files are readable on Mac and also on iOS.

Mac users are being used as “mules” to deliver malware

This file contains a Word file which, when opened, also uses an automatic macro. This time, however, instead of recovering data, it overwrites all the Word files in the user's directory and replaces them with new versions. A connection to a server is also established to download other files, including an executable (.exe) that contains the Dridex malware. The latter is then included in each Word file present on the machine.

The .exe file cannot be read by macOS, so retrieving files from an Apple computer is not possible. The objective here is to infect as many Windows machines as possible through the sharing of Word documents, which happens daily in business. The user will not know that the document he is sharing is infected, and his correspondents will open it in complete confidence.

Because all the Word documents present on the computer are replaced with infected copies, it is also very difficult to find the cause of the problem and to eradicate it.
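A defender-side triage sketch for the behaviour described above, added here as an example and not taken from the original article or its source: it lists Word documents under a directory that carry a VBA macro project and flags a group of them modified within a short time window, which is what a bulk overwrite would leave behind. The `window` and `min_cluster` thresholds and the byte heuristic for legacy .doc files are assumptions.

```python
import zipfile
from pathlib import Path

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc (OLE compound file) header
WORD_EXTS = {".doc", ".dot", ".docx", ".docm", ".dotm"}

def has_vba(path):
    """Return True if a Word file appears to carry a VBA macro project."""
    try:
        data = Path(path).read_bytes()
    except OSError:
        return False
    if data.startswith(OLE_MAGIC):
        # Heuristic (assumption): legacy Word keeps macros in a "Macros" storage
        # with a "VBA" sub-storage; directory entry names are UTF-16LE.
        return all(n.encode("utf-16-le") in data for n in ("Macros", "VBA"))
    try:
        with zipfile.ZipFile(path) as z:  # OOXML (.docx/.docm) is a ZIP archive
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except (zipfile.BadZipFile, OSError):
        return False

def scan(root, window=120, min_cluster=3):
    """List macro-bearing Word files and the largest burst of modifications."""
    hits = sorted(
        (p.stat().st_mtime, p)
        for p in Path(root).rglob("*")
        if p.is_file() and p.suffix.lower() in WORD_EXTS and has_vba(p)
    )
    burst, start = [], 0
    for end in range(len(hits)):
        # Slide the window so every file in it was modified within `window` seconds.
        while hits[end][0] - hits[start][0] > window:
            start += 1
        if end - start + 1 > len(burst):
            burst = hits[start:end + 1]
    return {
        "macro_docs": [p for _, p in hits],
        # A .docx cannot legitimately store macros; one that does deserves a look.
        "macro_in_docx": [p for _, p in hits if p.suffix.lower() == ".docx"],
        "bulk_overwrite": [p for _, p in burst] if len(burst) >= min_cluster else [],
    }

if __name__ == "__main__":
    import sys
    report = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, paths in report.items():
        print(key, *paths, sep="\n  ")
```

Run it against a user's documents folder; a non-empty `bulk_overwrite` list means several macro-bearing documents changed at nearly the same moment and should be compared with backups before being shared.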

It is therefore imperative to remain on your guard when you receive a suspicious attachment by email, especially if it does not come from a trusted contact, and to think twice before opening it.

Source: The Hacker News



