Dridex is a Windows-focused banking trojan that has since expanded its capabilities to include infostealing and botnet capabilities. The malware, which according to Check Point Research’s 2023 Cyber Security Report, was the fourth most prevalent malware variant in 2021. Dridex is primarily distributed via phishing and malspam campaigns.
The Dridex malware can be distributed in various ways. Some common examples include phishing emails, exploit kits, and delivery as a second-stage infection by malware other malware families such as Emotet.
Once executed on an infected machine, Dridex uses process injection and hooking to gain access to screenshots and keystroke information. It can also collect information from web browsers, be remotely controlled by the attacker, and download and execute other malware. Frequently, Dridex uses web injection modules that conduct man-in -the-browser attacks, and allow the cybercriminals to steal credentials to banking accounts, emails and social media.
The Dridex malware began as a banking trojan, collecting login credentials for online banking platforms from infected machines. While this continues to be a core part of its functionality, and most Dridex attacks are targeted at the financial services industry, it has expanded its capabilities in recent years.
Now, Dridex also incorporates infostealing and botnet capabilities, similar to TrickBot and Qbot. While the malware appears to be in decline compared to these competitors, it is still undergoing active development. In September 2021, a new variant of the malware was discovered that expanded the infostealing capabilities of the malware and was used in a new phishing campaign that delivered malicious Excel documents. Dridex was also a leader among malware taking advantage of the Log4j vulnerability in December 2021.
Dridex combines the functionality of a banking trojan, botnet malware, and infostealer and is distributed in various ways. Some methods by which an organization can protect against a Dridex infection and manage its impacts include:
Dridex is a sophisticated malware designed to evade detection and be difficult to remove. Failing to completely eradicate the malware from an infected system could result in reinfection. For this reason, the best way to remove Dridex malware is using an endpoint security solution. These tools can ensure that the malware is completely eliminated from an infected computer.
Dridex poses a significant threat to enterprise data and cybersecurity with its infostealer, banking trojan, and botnet functionality. To learn more about Dridex and the other leading malware threats that organizations face, check out the 2022 Cybersecurity Report by Check Point Research.
Protecting against Dridex and other malware requires strong endpoint security that can identify novel and emerging threats. Learn more about how Harmony Endpoint can help to protect your organization’s devices by requesting a free demo.
Advanced Network Threat Prevention