Original release date: October 13, 2015 | Last revised: October 15, 2015
Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control (C2). The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the Dridex botnet.
Dridex is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language (XML) files to infect systems. The primary goal of Dridex is to infect computers, steal credentials, and obtain money from victims’ bank accounts. Operating primarily as a banking Trojan, Dridex is generally distributed through phishing email messages. The emails appear legitimate and are carefully crafted to entice the victim to click on a hyperlink or to open a malicious attached file. Once a computer has been infected, Dridex is capable of stealing user credentials through the use of surreptitious keystroke logging and web injects.
A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks, and harvest users’ credentials for online services, including banking services.
Users are recommended to take the following actions to remediate Dridex infections:
The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.