A variant of the Dridex banking malware has been modified to target macOS, arriving as an email attachment that presents itself as an ordinary document.
Security researchers at Trend Micro report that Dridex previously targeted Windows only, but its operators have changed strategy and are now going after macOS devices to spread the malware further.
The Dridex sample Trend Micro analyzed is a Mach-O file, the native executable format of macOS and iOS. Mach-O binaries commonly carry extensions such as .o, .dylib and .bundle.
The Mach-O file embeds a malicious document that runs automatically once the user opens it. From there, it overwrites every Microsoft Word file in the macOS user's home directory with that document. It then contacts a remote server to download further files, including a Windows executable (.exe) that runs the Dridex malware itself.
(The original article shows a screenshot of the downloaded .exe file here.)
A Windows .exe cannot run on macOS, so that payload does not compromise the Mac itself. The overwritten Word files are another matter: each now carries the malicious document, so a Mac user who shares them online can infect others.
Mac users are not directly affected by Dridex for now, but Trend Micro warns that the attackers could adapt it to run on macOS in the future.
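The one artifact of this sample a Mac user can look for is the mass overwrite described above: Word files in the home directory replaced with a single macro-bearing document (or, in a future variant, with a Mach-O binary). The script below is an added example, not code from Trend Micro's report or the original article; it checks each Word file's real container type from its magic bytes rather than trusting the extension, looks for VBA macro storage, and flags groups of byte-identical files, which is what a mass overwrite looks like. The sample directory it builds is constructed for the demonstration and contains no real malware.

```python
"""Added example: hunt for Word files that have been replaced by a macro
document or an executable, as in the Dridex macOS sample described above.
Not code from Trend Micro or the article; the sample files are constructed."""
import hashlib
import io
import os
import tempfile
import zipfile
from collections import defaultdict

WORD_EXTS = {".doc", ".dot", ".docx", ".docm", ".dotx", ".dotm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"           # legacy .doc (Compound File)
ZIP_MAGIC = b"PK\x03\x04"                                 # OOXML .docx/.docm
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",  # 32/64-bit, big-endian
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe",  # 32/64-bit, little-endian
                b"\xca\xfe\xba\xbe"}                       # universal (fat) binary
# OLE directory entry names are UTF-16LE; VBA-bearing .doc files carry these storages.
OLE_MACRO_MARKERS = (b"M\x00a\x00c\x00r\x00o\x00s\x00", b"V\x00B\x00A\x00")


def classify(data: bytes) -> str:
    """Identify the real container type from magic bytes, ignoring the extension."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    return "unknown"


def has_macros(kind: str, data: bytes) -> bool:
    """Heuristic: VBA storage names in OLE files, vbaProject.bin in OOXML."""
    if kind == "ole":
        return any(marker in data for marker in OLE_MACRO_MARKERS)
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def scan(root: str, min_dupes: int = 3) -> list:
    """Return sorted (path, reason) pairs for suspicious Word files under root."""
    findings = []
    by_hash = defaultdict(list)
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in WORD_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            kind = classify(data)
            by_hash[hashlib.sha256(data).hexdigest()].append(path)
            if kind == "macho":
                findings.append((path, "Mach-O executable with a Word extension"))
            elif kind == "unknown":
                findings.append((path, "not an OLE or OOXML container"))
            elif has_macros(kind, data):
                findings.append((path, "contains VBA macro storage"))
    # A mass overwrite leaves many files with byte-identical content.
    for paths in by_hash.values():
        if len(paths) >= min_dupes:
            for path in paths:
                findings.append((path, f"identical content shared by {len(paths)} files"))
    return sorted(findings)


def summarize(findings: list) -> dict:
    """Group reasons by file name for easy reading."""
    out = defaultdict(set)
    for path, reason in findings:
        out[os.path.basename(path)].add(reason)
    return dict(out)


def build_sample_dir() -> str:
    """Constructed sample tree (not real malware): a clean docx, a macro docm,
    a clean doc, a Mach-O disguised as a doc, and three identical macro docs."""
    root = tempfile.mkdtemp(prefix="wordscan_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)

    def write_zip(path, entries):
        with zipfile.ZipFile(path, "w") as z:
            for entry in entries:
                z.writestr(entry, b"placeholder")

    write_zip(os.path.join(root, "notes.docx"), ["word/document.xml"])
    write_zip(os.path.join(root, "invoice.docm"), ["word/document.xml", "word/vbaProject.bin"])
    with open(os.path.join(root, "report.doc"), "wb") as f:
        f.write(OLE_MAGIC + b"\x00" * 512)
    with open(os.path.join(root, "dropper.doc"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 512)   # 64-bit little-endian Mach-O header
    overwritten = OLE_MAGIC + OLE_MACRO_MARKERS[0] + b"\x00" * 512
    for name in ("a.doc", "b.doc", "c.doc"):
        with open(os.path.join(docs, name), "wb") as f:
            f.write(overwritten)
    return root


if __name__ == "__main__":
    for path, reason in scan(build_sample_dir()):
        print(f"{reason}: {path}")
```

On a real machine, call `scan(os.path.expanduser("~"))` instead of the constructed directory. The macro check is a heuristic (it looks for storage names, not parsed VBA), so treat a hit as a reason to inspect the file, not as proof of infection; the identical-content check is the strongest signal for the overwrite behaviour described above.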
How to Keep Yourself Safe from Dridex
Staying safe from Dridex works much as it does for any other malware. The first and most important check is the sender, specifically the sender's email address, not just the display name. Some addresses are more obviously fake than others.
For example, malware can arrive in emails that appear to come from a bank, but no bank will send you an email from a Gmail account. Be wary of this.
macOS ships with built-in defenses such as Gatekeeper and XProtect, and you can also run third-party antivirus software.
Exercise caution and use common sense: if you don't recognize something or something feels off, trust your gut.
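Added example, not from the original article: a small Python check that applies the sender advice above to a raw From: header. It separates the display name from the actual address, flags freemail domains, and catches the common trick of putting a trustworthy-looking address in the display name, which many mail clients show instead of the real one. The freemail list and the sample headers are constructed, and bank.example is a placeholder domain.

```python
"""Added example: sanity-check an email From: header. Not from the original
article; the freemail list and sample headers are constructed."""
from email.utils import parseaddr

FREEMAIL_DOMAINS = {"gmail.com", "googlemail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def check_sender(from_header: str, expected_domain: str = "") -> list:
    """Return reasons the sender looks suspicious; an empty list means none found."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parseable address"]
    domain = address.rsplit("@", 1)[1].lower()
    reasons = []
    if domain in FREEMAIL_DOMAINS:
        reasons.append("sender uses a freemail domain")
    # A trustworthy-looking address in the display name hides the real sender.
    if "@" in display_name:
        reasons.append("display name contains an email address")
    if expected_domain:
        expected = expected_domain.lower()
        if domain != expected and not domain.endswith("." + expected):
            reasons.append(f"domain {domain} is not {expected}")
    return reasons


if __name__ == "__main__":
    samples = [  # constructed headers
        '"Example Bank Alerts" <alerts@gmail.com>',
        '"alerts@bank.example" <noreply@gmail.com>',
        "Example Bank <alerts@bank.example>",
    ]
    for header in samples:
        print(header, "->", check_sender(header, "bank.example") or "ok")
```

This only checks what the header claims; a sender can forge the From: address outright, so it complements rather than replaces the SPF/DKIM/DMARC checks your mail provider performs.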