New Dridex Version Poses as PFX Certificate File

June 3, 2016

Dridex, the most infamous banking trojan of them all, received a major upgrade in the month of May, which security researchers say would allow it to bypass security software with greater ease.

For the past few years, Dridex has been one of the most active cyber-crime infrastructures on the planet, with the group behind this operation building several botnets through which they deliver their malware, exfiltrate funds, hide illegal transactions, and spam users, with both the Dridex malware and the Locky ransomware.

IRONGATE shares some features with Stuxnet

The research team found this malware extremely interesting because of its mode of operation that incorporated some Stuxnet-like behavior.

Just like Stuxnet, IRONGATE used a Man-in-the-Middle technique to inject itself between the PLC (Programmable Logic Controller) and the software monitoring the process.

Another feature shared with Stuxnet is how it achieves this MitM by replacing a valid DLL file with a malicious copy.

