January 20, 2016
Attackers behind the Dridex Trojan have narrowed their sights on banks based in the United Kingdom frequented by high-value business accounts, researchers claim.
When a new version of the Trojan was released two weeks ago, it was promptly followed by a series of infection campaigns that focused on U.K. users.
Limor Kessem, a cybersecurity evangelist at IBM’s X-Force, who published a blog entry about the Trojan’s latest whereabouts on Tuesday, claims the latest chain of infections is leveraging the Andromeda botnet.
The Trojan’s operators targeted two banks in the U.K. to start, but within a few days were targeting 13 banks. That Dridex is targeting U.K. banks is hardly surprising; the malware has long had an affinity for going wherever the money is. Developers behind the Trojan are simply homing in on high-value targets, in this case banks with dedicated subdomains for business and corporate account access, IBM said.