A new malware called Dridex is making its way around the world this week. Dridex uses a decade-old technique to infiltrate your PC and steal your online banking credentials.
As with all online banking malware, Dridex has the potential to do a lot of damage. The malware installs itself through a macro buried inside a Microsoft Word document, and that Word document arrives as the attachment of a spam email message.
What are macro-based malware attacks?
Macros were used by hackers about ten years ago, but they eventually fell out of favor after Microsoft enhanced its security. Macros, for those who don’t know, are stored sequences of keystrokes, clicks or commands that can be used to launch certain programs or perform certain actions on your computer.
Today, most PCs have disabled macros by default. But here’s where Dridex gets tricky: when you open the infected Microsoft Word file, you’ll receive a message advising you to enable macros.
If you’re unfortunate enough to click that “enable macros” button, then Dridex will immediately start downloading itself onto your PC.
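As an added example (not from the original post or from TrendLabs’ write-up), here is a Python check that a mail gateway or analyst could run on a Word attachment to flag an embedded VBA project before anyone is shown the “enable macros” prompt. The sample documents are constructed in-line and contain no real macro code; the verdict strings and the `build_sample_docx` helper are assumptions made for this example.

```python
import io
import zipfile

VBA_PART = "word/vbaProject.bin"  # part in which an OOXML package stores its VBA project
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package (a test fixture for this example, not a real document)."""
    main_ct = MACRO_CT if with_macro else PLAIN_CT
    content_types = (
        '<?xml version="1.0"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed placeholder bytes standing in for a VBA project; not real macro code.
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


def inspect_word_attachment(data: bytes) -> dict:
    """Report whether a Word attachment carries a VBA project, before a user is asked to enable macros."""
    if not data.startswith(b"PK\x03\x04"):
        # Legacy binary .doc files are OLE containers, not zips; hand those to an OLE/VBA parser
        # such as oletools' olevba instead of guessing.
        return {"ooxml": False, "has_vba": None, "verdict": "not OOXML; needs an OLE parser"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace") if "[Content_Types].xml" in names else ""
    except zipfile.BadZipFile:
        return {"ooxml": False, "has_vba": None, "verdict": "corrupt zip container"}
    has_vba = VBA_PART in names          # the VBA project part is present
    macro_ct = MACRO_CT in types_xml     # the package declares itself macro-enabled
    if has_vba or macro_ct:
        verdict = "QUARANTINE: embedded VBA project; do not enable macros"
    else:
        verdict = "no VBA project found (still open in Protected View)"
    return {"ooxml": True, "has_vba": has_vba, "macro_ct": macro_ct, "verdict": verdict}
```

Checking the file structure rather than the file extension matters because a macro-enabled package can be renamed before it is attached to a message.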
Malware first spotted by TrendLabs
This latest malware attack was first spotted by TrendLabs, which recently published a blog post titled, “Banking Trojan DRIDEX Uses Macros for Infection.”
That blog post goes into great detail about the malware, and it also features images of the malware in action. Here’s how your PC would get infected:
Step 1) You receive an email like this, which seems like an innocent, non-hazardous email:
Step 2) A Microsoft Word document is attached to that email. When you open that Word document, you’re advised to enable macros. The Word document contains dangerous, malicious code:
Step 3) If Dridex defeats your security, then it will immediately begin scanning your computer for login credentials to a number of specific European banks. Those banks include:
- Bank of Scotland
As you may have noticed, all of those are European banks, so this malware is mostly targeted towards Europeans. That doesn’t mean people in other parts of the world are totally safe, of course, as Dridex is thought to check for other banks as well.
Furthermore, Dridex’s top 3 most infected countries so far include the UK, US, and Australia. Only one of those is a European country – so clearly, Dridex isn’t worrying about geographic boundaries.
How to stay protected
You know when you download a Microsoft Word document from an email attachment and it makes you click that little “Enable Editing” button before you can interact with it? That’s specifically designed to prevent problems like this.
If you downloaded a Microsoft Word file from a suspicious source (like an awkwardly worded email from an unknown sender), do not click the Enable Editing button in Microsoft Word.
If you can do that, then you vastly increase your chances of staying protected online.