October 27, 2015
The Dridex banking Trojan is still active, despite arrests and damage caused to the threat’s infrastructure.
Endpoint threat protection company Invincea reported spotting a new Dridex campaign aimed at users in France, and experts have warned that the United States and other countries might follow suit.
The attackers have used maliciously crafted documents containing macros, attached to phishing emails, to deliver the malware. The malware, assembled on the endpoint using a technique that Invincea has dubbed “Just-in-Time (JIT) malware assembly,” is signed with a certificate issued by Comodo.