A spike in Dridex spam emails was spotted in May, but this new iteration does not use the old strategy of sending fake invoices or notifications to scam the victim and instead attempts to scare the recipients into opening the email and clicking on the infected attachment.
9.7% for the attacks were spottet against US-based targets with those in Brazil and China a distant second and third.
Researchers from Trend Micro said the email bears the subject heading ‘Account Compromised’ and contains details of the supposedly logon attempt, including the IP address to make it look legitimate.
Dridex is now paired with the command-line program Certuli, which allows the malware to pass itself off as a legitimate certificate.
Whereas the new Dridex has just hit the web, Trend Micro is still unsure whether it is more effective than the previous version.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now