Proofpoint discovered a malicious campaign in which cybercriminals from the TA575 group spread Dridex malware using emails about the popular Netflix series Squid Game.
The emails contain messages such as “The Squid Game is back, watch the new season before everyone else”, “Client invitations to access the new season,” “Previews of commercials for the new season of the Squid Game,” etc.
Experts have identified thousands of honeypot emails targeted at various industries in the United States. Some emails attempt to lure victims by offering a role in the series if the user downloads and fills in an attached document.
"Attachments are Microsoft Excel documents with macros that, when enabled, download the partner ID of the banking Trojan Dridex 22203 from Discord URLs," the experts explained.
Dridex is a banking Trojan used to steal funds directly from the victim's bank account. The malware is also used to gather information or act as a downloader for malware, including ransomware.
“TA575 sends an average of thousands of emails for every campaign that affects hundreds of organizations. TA575 also uses the Discord Content Delivery Network (CDN) to host and distribute Dridex,” said the experts.
Attackers actively target users through mobile channels such as SMS, social media platforms, third-party messaging apps, games, and even dating apps.
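The delivery chain described above (an Excel macro fetching the payload from Discord URLs) leaves a detectable trace: an Office process connecting to a Discord CDN host. The sketch below is an added example, not code from Proofpoint or the original post; the event field names and the sample events are constructed, and the hostname list is an assumption to adapt to your own telemetry.

```python
import json
from pathlib import PureWindowsPath

# Assumption: Discord CDN hostnames to watch; extend for your environment.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Office binaries that can run macros from an opened attachment.
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed sample events (JSON lines); field names are hypothetical.
SAMPLE_EVENTS = r"""
{"host": "WS-014", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "dest_host": "cdn.discordapp.com"}
{"host": "WS-022", "image": "C:\\Users\\kim\\AppData\\Local\\Discord\\Discord.exe", "dest_host": "cdn.discordapp.com"}
{"host": "WS-014", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "dest_host": "officecdn.microsoft.com"}
{"host": "WS-031", "image": "winword.exe", "dest_host": "CDN.DiscordApp.com."}
not json at all
{"host": "WS-040", "image": "excel.exe", "dest_host": "cdn.discordapp.com.example.net"}
"""


def office_discord_fetches(lines):
    """Return (host, process, destination) for Office -> Discord CDN connections."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed log lines
        if not isinstance(event, dict):
            continue
        # Compare on the executable name only, case-insensitively.
        image = PureWindowsPath(str(event.get("image", ""))).name.lower()
        # Normalise case and a trailing root dot; exact match rejects
        # lookalikes such as cdn.discordapp.com.example.net.
        dest = str(event.get("dest_host", "")).rstrip(".").lower()
        if image in OFFICE_IMAGES and dest in DISCORD_CDN_HOSTS:
            hits.append((event.get("host"), image, dest))
    return hits


if __name__ == "__main__":
    for hit in office_discord_fetches(SAMPLE_EVENTS.splitlines()):
        print("ALERT: Office process fetched from Discord CDN:", hit)
```

The Discord client itself reaching the CDN is not flagged; only the parent process makes the connection suspicious.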