COVID-19 Phishing May Be Sending Dridex Malware Your Way

January 06, 2022


Although it may consume much of the attention of IT professionals and is a growing menace, ransomware isn’t the only malware threat in town. Phishing messages can also bring other varieties of dangerous malware to a company’s doorstep, and that malware can cause just as much damage as a ransomware attack, or more. Over the last decade, there has been an 87% increase in malware infections. Two new phishing tricks that bad actors are using right now illustrate the insidious nature of malware threats and why it is so important that businesses take action to reduce their exposure to phishing-related malware.




What is Malware? 


CompTIA defines malware as “any software that is intended to threaten or compromise information or systems. Hackers use malware to compromise networks or devices with the intent of stealing information or making a system inoperable. Malware is most often used to illicitly obtain information or disrupt business operations.” The word malware is a mash-up of “malicious software”. The first malware came on the scene in the 1980s, and malicious software has been wreaking havoc ever since. The first documented computer virus, dubbed Elk Cloner, was discovered on a Mac in 1982, and the first strain of PC-based malware, titled Brain, made its debut in 1986.

Just like everything in tech, malware has evolved tremendously since those days. Innovation isn’t just the purview of the good guys; cybercriminals are constantly innovating too. Malware is a growth industry, and cybercriminals have been quick to develop new strains of malware to do their dirty work. Ten years ago, the number of detected malware types stood at 28.84 million. By 2020, that number had ballooned to nearly 678 million varieties. Revenue in the malware industry has been steadily growing and is expected to reach 8 billion U.S. dollars by 2025.




What Are the Most Common Types of Malware? 


Trojans are the most common variety of malware that IT teams will encounter. This type of malware masquerades as harmless software and can initiate a variety of attacks on systems. Some trojans are aided by human action, while others function without user intervention. The second most common type of malware is viruses, which are responsible for about 13% of total malware infections. Similar to a real-life virus, this type of malware attaches itself to benign files on your computer and then replicates, spreading itself and infecting other files. Of course, ransomware is also a variety of malware.

What is Dridex Malware? 

Dridex is banking malware distributed through phishing emails containing malicious Word or Excel attachments. It is the third most common type of malware attack. In a Dridex scenario, an employee opens an attachment infected with Dridex and takes certain prompted, seemingly harmless actions like enabling macros; the malware is then downloaded and installed on the victim’s device. Experts point to the legendary cybercrime group Evil Corp, aka REvil, as the originators of Dridex malware. That group is also notorious for ransomware variants including BitPaymer, DoppelPaymer, WastedLocker and Grief.




How Are Cybercriminals Spreading Dridex Malware? 


Over 92% of all malware is delivered by email. Dridex is currently being spread through social engineering in two sophisticated phishing campaigns that capitalize on fear and uncertainty around the Omicron variant of COVID-19.

Fake COVID-19 Exposure Warnings

In one phishing campaign, discovered by MalwareHunterTeam and 604Kuzushi, bad actors send prospective victims phishing emails with the subject line “COVID-19 testing result”. Inside, the message informs the recipient that they were exposed to a coworker who tested positive for the Omicron COVID-19 variant. The recipient is instructed to open an Excel document to learn more. The email helpfully includes the relevant password-protected Excel attachment and the password needed to open the document.  

After the unwitting victim enters the password, they’re shown a blurred document that looks like it contains legitimate data about COVID-19. They’re prompted to “Enable Content” or “Enable Macros” to view it. Once macros are enabled, the device becomes infected with Dridex. Bleeping Computer reports that in some cases the threat actor taunts their victims by displaying an alert containing the phone number for the “COVID-19 Funeral Assistance Helpline.”

Fraudulent Employee Termination Notices 

Security researchers have also uncovered another new Dridex phishing campaign that preys on people’s fears in a time of economic uncertainty. This nasty scheme uses fake employee termination emails as a lure to draw users into taking an action that infects their device with Dridex. Targets receive emails with subjects like “Employee Termination”. A recent campaign of this scam told the unfortunate recipient that their employment was being terminated on December 24th, 2021, and that “this decision is not reversible.” These phishing messages are accompanied by an attached Excel spreadsheet with a name like “TermLetter.xls” that allegedly contains information on why they are being fired. The password required to open the document is also provided.

When the recipient opens the Excel spreadsheet and enters the password, a blurred form with the title “Personnel Action Form” or something similar is displayed, along with a prompt to “Enable Content” to view it properly. Enabling content allows malicious macros to execute; they create and launch a malicious HTA file saved to the C:\ProgramData folder.
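Both campaigns end the same way on the endpoint: an Office application with macros enabled launches a script host, and in the termination-letter lure that script host runs an .hta file from C:\ProgramData. The following Python check is an added example (not from the original post or from Graphus) that a defender could run over process-creation telemetry to surface that pattern; it also generalises to other Office-spawned script hosts such as PowerShell. The sample events, file names and paths are constructed for the example.

```python
import re

# Office applications that a macro-laden attachment would run inside.
OFFICE_APPS = ("excel.exe", "winword.exe", "powerpnt.exe")
# Script hosts that a malicious macro commonly launches (mshta.exe runs .hta files).
SCRIPT_HOSTS = ("mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe")
# The termination-letter campaign saves and launches its HTA from C:\ProgramData.
HTA_IN_PROGRAMDATA = re.compile(r"c:\\programdata\\[^\s\"']*\.hta\b", re.IGNORECASE)

# Constructed Sysmon-style process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" C:\ProgramData\TermLetter.hta'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'"EXCEL.EXE" C:\Users\jdoe\Downloads\TermLetter.xls'},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe",          # benign print helper
     "cmdline": r"C:\Windows\splwow64.exe 12288"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Users\jdoe\AppData\Local\Temp\run.ps1"},
]


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return the names of the rules this event matches (empty list if none)."""
    hits = []
    if basename(event["parent"]) in OFFICE_APPS and basename(event["image"]) in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    if HTA_IN_PROGRAMDATA.search(event["cmdline"]):
        hits.append("hta_launched_from_programdata")
    return hits


def scan(events):
    """Return (child image name, matched rules) for every suspicious event."""
    findings = []
    for event in events:
        hits = evaluate(event)
        if hits:
            findings.append((basename(event["image"]), hits))
    return findings


if __name__ == "__main__":
    for image, rules in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: {', '.join(rules)}")
```

The first rule fires on the parent/child relationship alone, so it still catches a variant that drops its HTA somewhere other than C:\ProgramData.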




Stop Malware Infections by Keeping Phishing Messages Away from Employees 


The vast majority of malware is spread by phishing messages. By making sure that employees never have the chance to make that fatal click on a phishing message, businesses reduce their exposure to malware threats. Stop phishing immediately with Graphus, the simplest, most automated and most affordable phishing defense available today. When you choose AI-powered, automated email security, your business gains an array of strong defenses that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too.

  • You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors, and that fits perfectly into your IT budget.
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security.
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.


