Several recent phishing campaigns have attempted to deliver DoppelDridex, a variant of the Dridex banking Trojan, with payloads hosted on the Slack and Discord content delivery networks (CDNs). Dridex is online banking malware that steals credentials and other personal data by injecting HTML into the banking pages the victim views in the browser. Dridex usually arrives as a spam email with a Microsoft Word document attached; here we turn to its variant.
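Because the payloads sit on legitimate chat-platform CDNs, a plain domain blocklist does not help; what stands out is a workstation fetching an executable or Office file from such a host. The following Python script is an added example (not code from the original page or from any vendor report on this campaign) that scans proxy log lines for that pattern. The log format, the watched CDN hostnames and the payload extension list are assumptions for the example, and the log lines are constructed sample data.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (made up for this example, not real traffic).
# Format assumed: "<timestamp> <client-ip> <method> <url> <status>".
SAMPLE_LOGS = [
    "2021-10-05T09:12:01Z 10.0.0.14 GET https://cdn.discordapp.com/attachments/111/222/invoice.xls 200",
    "2021-10-05T09:12:03Z 10.0.0.14 GET https://cdn.discordapp.com/attachments/111/223/loader.dll 200",
    "2021-10-05T09:13:10Z 10.0.0.22 GET https://files.slack.com/files-pri/T0AAA-F0BBB/download/report.doc 200",
    "2021-10-05T09:14:00Z 10.0.0.31 GET https://cdn.discordapp.com/avatars/1/2.png 200",
    "2021-10-05T09:15:00Z 10.0.0.40 GET https://example.com/update.exe 200",
    "this line is not a proxy record",
]

# Hosts of the chat-platform CDNs abused for payload hosting; an assumed watch list,
# extend it for your environment.
CHAT_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net", "files.slack.com"}

# File extensions worth flagging when fetched from a chat CDN (assumed list).
PAYLOAD_EXTENSIONS = {".exe", ".dll", ".doc", ".docm", ".xls", ".xlsm", ".xll",
                      ".js", ".vbs", ".zip", ".iso"}

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def parse_line(line):
    """Return a dict of fields for a well-formed record, or None for anything else."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def extension_of(url):
    """Lower-cased extension of the URL path ('' if none), ignoring query strings."""
    path = urlparse(url).path.lower()
    last = path.rsplit("/", 1)[-1]
    return "." + last.rsplit(".", 1)[-1] if "." in last else ""


def is_chat_cdn_payload(url):
    """True when the URL points at a watched CDN host and a payload-like file extension."""
    parsed = urlparse(url)
    return parsed.hostname in CHAT_CDN_HOSTS and extension_of(url) in PAYLOAD_EXTENSIONS


def find_chat_cdn_downloads(lines):
    """Scan proxy log lines and return the records that look like CDN-hosted payload fetches."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_chat_cdn_payload(rec["url"]):
            rec["extension"] = extension_of(rec["url"])
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_chat_cdn_downloads(SAMPLE_LOGS):
        host = urlparse(hit["url"]).hostname
        print(f"{hit['ts']} {hit['src']} fetched {hit['extension']} from {host}: {hit['url']}")
```

On the sample data this flags the spreadsheet, the DLL and the .doc fetched from the two CDNs, while the avatar image and the download from an unrelated host are left alone. Matching on the hostname rather than a substring avoids false positives from look-alike domains, and keying on the extension of the URL path rather than the query string keeps `?download=1` style parameters from hiding a payload.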

DoppelDridex is operated by the financially motivated eCrime adversary tracked as DOPPEL SPIDER. Additional tools are often delivered as a secondary payload, such as Cobalt Strike, which gives the operators fuller remote access, supports lateral movement, and prepares the ground for deploying Grief ransomware. The malware is also capable of causing chain infections, i.e. downloading and installing further malicious programs. It has various harmful capabilities, including command execution, data theft (keylogging), and file infiltration and execution.

In the DoppelDridex infection chain the end goal is to infect devices with ransomware: malware designed to encrypt the victim's data or lock the device's screen, and then demand payment to restore access.

DoppelDridex has been observed spreading through malicious Microsoft Office documents attached to spam. Files of this type infect systems by executing the malicious macro commands embedded in them. That happens automatically when such a document is opened in Microsoft Office versions released before 2010; newer versions open untrusted documents in "Protected View", which blocks macro execution, and the macros only run if the user manually enables them.

It should be noted that cybercriminals often include deceptive messages intended to trick users into enabling macros, and this is why the malware is commonly spread through spam campaigns. Virulent files can be attached to or linked from fraudulent emails; they can be Microsoft Office and PDF documents, executables, archives, JavaScript, and so on. When the files are opened, the infection process begins. Because of this and many other malicious activities, do not blindly trust what you find on the internet: you never know what you are downloading or who really sent it.
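Whether or not a user is talked into clicking "Enable Content", an attachment that carries a VBA project at all is the thing to catch before it reaches a mailbox. Modern Office documents are zip containers in which macros live in a `vbaProject.bin` part that is also declared in `[Content_Types].xml`; the legacy binary `.doc`/`.xls` format is a different (OLE) structure. The Python script below is an added example, not code from the original page, that triages raw document bytes on exactly those two facts. The sample documents it checks are constructed in memory with a placeholder VBA part, so it runs offline; the helper names are my own.

```python
import io
import zipfile

# Magic bytes of the legacy binary (OLE2 / CFB) Office format used by .doc/.xls files.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Content type OOXML uses to declare an embedded VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_document(with_macro):
    """Construct a minimal OOXML (.docx/.docm-style) zip container in memory.

    Constructed sample data for the example, not a real lure: the VBA part is
    filler bytes, just enough to exercise the container-level checks below.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        entries = ['<Default Extension="xml" ContentType="application/xml"/>']
        if with_macro:
            entries.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            )
        z.writestr("[Content_Types].xml", "<Types>" + "".join(entries) + "</Types>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 64)  # placeholder, not a real VBA stream
    return buf.getvalue()


def triage_office_document(data):
    """Classify raw document bytes and report whether a VBA project is present.

    Returns a dict with 'format' ('ooxml', 'ole' or 'unknown'), 'has_macro'
    (True/False for OOXML, None when this check does not apply) and 'reason'.
    """
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls: macros live inside an OLE storage, which this
        # container-level check does not parse; route it to a dedicated OLE/VBA parser.
        return {"format": "ole", "has_macro": None,
                "reason": "legacy binary Office file; inspect its VBA storage with an OLE parser"}
    if not data.startswith(b"PK"):
        return {"format": "unknown", "has_macro": None, "reason": "not an Office container"}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Match on the part name case-insensitively: the part may sit under word/, xl/ or ppt/.
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        content_types = ""
        if "[Content_Types].xml" in names:
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
        declared = VBA_CONTENT_TYPE in content_types
    has_macro = bool(vba_parts) or declared
    if vba_parts:
        reason = f"VBA project part(s) present: {vba_parts}"
    elif declared:
        reason = "VBA content type declared but no vbaProject.bin part found"
    else:
        reason = "no VBA project part or content type declared"
    return {"format": "ooxml", "has_macro": has_macro, "reason": reason}


if __name__ == "__main__":
    samples = (("macro-free", build_sample_document(False)),
               ("macro-bearing", build_sample_document(True)),
               ("legacy OLE header", OLE_MAGIC + b"\x00" * 504))
    for label, blob in samples:
        print(label, "->", triage_office_document(blob))
```

Checking both the part name and the declared content type matters because a lure can rename the VBA part; the override in `[Content_Types].xml` still has to point at it for Office to load the macros. This is a container-level triage only: a positive result says "this file carries macros", not what they do, and a legacy `.doc` needs an OLE-aware parser before any verdict. It complements, rather than replaces, keeping Protected View on and blocking macros in files that arrived from the internet.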

