A report from Forcepoint which states that future versions of the infamous and highly dangerous Dridex banking trojan will soon be able to steal credentials for several crypto-currency wallets, according to clues found in recent Dridex samples. IT security experts from Redscan, ESET and Lieberman Software commented below.
Robert Page, Lead Penetration Tester at Redscan:
“Dridex is constantly evolving to continue its objective of collecting financial information whilst remaining undetected. Given the increased usage of Cryptocurrency , it’s not surprising it’s also attempting to gather this type of currency.
It’s interesting the malware has improved to prevent analysis by security researchers. Although the anti-sandbox features have been reverse engineered by security researchers in this instance, most likely the malware will continue to improve in future.”
Mark James, Security Specialist at ESET:
“Malware without a doubt is getting more and more sophisticated, its ongoing struggle with Anti-Virus and security vendors is forcing changes for it to stay current and successful. In the early days malware was fairly rigid in its duties and its ability to adapt but now we often have a very sophisticated piece of code that not only evolves but is able to adapt to current trends for better efficiency. The Dridex banking Trojan is doing exactly that, where previously its victims were POS and banking systems it is now acquiring crypto-currency targets to further its attack footprint. These digital currencies have been a common target lately with some huge breaches involving millions of dollars stolen.
Ensuring you have a good multi-layered regularly updating security solution installed, along with keeping your operating system and all applications patched and up to date will help to keep you safe.”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The Dridex Trojan being upgraded like enterprise software is no surprise in today’s professional cybercrime world. Cybercrime makes hundreds of billions in revenue for the bad guys. Some say it’s more profitable than the drug trade. Is it any wonder that organized crime has set up operations just as sophisticated as any enterprise software?
Just like Microsoft is pushing updates to Windows 10, the bad guys are pushing their latest features in an attempt to increase their current cash flow and seek new revenue streams. To help protect the revenue they make now, or, put another way, to ensure their infection rates of our computers stay the same, they are building in evasive capabilities. They know our defenses are getting better and they now have counter measures to look for when those defenses are in place and react to ensure we don’t catch them in the act. It’s a cyber arms race where we attempt to detect and respond as quickly as possible and they attempt to be evasive to the point of invisibility so we never see them coming.
But the bad guys aren’t just on the defense, they’re also pushing out new attacks with their team of cybercrime professionals. These malware infections, like any other software, are always looking for the next killer feature to make us give them more money. Unlike legitimate software that tells you about the features, though, their new features are new ways to silently pick your virtual pocket and steal your virtual wallet – literally.
All this is the result in the shift from the line wolf bad guy to the professional cyber crime organization. Many people picture a hooded man with Cheeto stained fingers and a messy desk in a basement when they think of the online enemy. In truth, today the bad guys would fit right into the Dilbert cartoons. These are professionals developing software in offices with paychecks, benefits, and normal lives. It’s their organized crime bosses that are really different.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.