
Banking Malware Dridex Targets U.K. Financial Institutions

A number of U.K.-based financial institutions were hit by a wave of financial banking malware, delivered via phishing email campaigns, Threatpost reported.

Last year, Dridex was reported as one of the most dangerous variants of financial malware in circulation. According to Flashpoint, the malware is back this year with new techniques to bypass security and steal user data.

Phishing for Financial Credentials

The Trojan is designed to steal banking credentials, targeting customers of financial institutions via spam campaigns using real company names in the sender address and email copy. Many of these emails are disguised as invoices, receipts and orders, according to Symantec.

In the newest attacks, detected in late January and last December, small phishing and spear-phishing email campaigns targeted U.K. financial institutions. The email messages contained attachments with embedded macros that infect users with Dridex.

Although macros are disabled by default in Microsoft Office, the malware has still proved successful in the U.K.: instructions in the documents social-engineer users into enabling macros, while other email campaigns contained obfuscated macros, according to Threatpost.
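A mail-gateway triage check for the macro-bearing Office attachments described above, as an added example (not code from the original post or from Duo): it flags OOXML attachments that carry a VBA project regardless of their extension and holds legacy binary Office files for deeper inspection. The sample builder, the OLE2 header check and the verdict names are assumptions of this example.

```python
import io
import zipfile

# Header of the legacy binary Office (.doc/.xls) format, an OLE2 compound file.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML container, optionally with a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE stream; its content is irrelevant here.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def classify_attachment(data: bytes) -> str:
    """Classify an attachment by the evidence of macros it carries.

    "ooxml-macro":  zip (OOXML) container with a VBA project, whatever its extension
    "ooxml-clean":  zip (OOXML) container without one
    "ole2-inspect": legacy binary Office file; macros cannot be ruled out from the
                    header alone, so hand it to an OLE parser or a sandbox
    "other":        not an Office container
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-inspect"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"


def triage(attachments):
    """Return (filename, verdict) pairs a gateway should hold; input is (filename, bytes) pairs."""
    held = []
    for name, data in attachments:
        verdict = classify_attachment(data)
        if verdict in ("ooxml-macro", "ole2-inspect"):
            held.append((name, verdict))
    return held
```

Holding a message because its attachment carries a VBA project removes the decision from the user, which is the point of the "never enable macros" advice below.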

The attacks have also used a new technique that bypasses Windows User Account Control (UAC) on fully patched and earlier Windows versions, as detailed in a technical analysis by Flashpoint. In this attack, Dridex is able to alter Windows System32 directories to give itself the highest possible privileges, whitelisting itself as a trusted application so it can run silently on targeted PCs.

Financial Information Security Tips

How can you and your users protect your financial organization against malware infection? Here are a few preventive measures:

  • Keep your security software and all device software, including operating systems, plugins and browsers, up to date. Out-of-date software runs a higher risk of being compromised through known, reported vulnerabilities. Learn more about Trusted Devices.
  • Don’t click on links or attachments in suspicious-looking emails; send them to your security or IT team.
  • Never enable macros on any Microsoft Office document attachment that asks you to enable them.
  • Use two-factor authentication to protect access to your online banking applications and all other logins. In the event that your credentials are compromised via phishing or malware, an online criminal can’t successfully log into your accounts without also possessing your physical device to complete the second factor and verify your identity.

Learn more about how financial organizations can comply with data security regulations in their industry and protect access to their financial information by visiting Securing Access to Financial Data.

Thu Pham

Information Security Journalist

@Thu_Duo

Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo, Thu covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.