They say history repeats itself. In terms of online threats, this is a very appropriate statement.
Cybercriminals are distributing a malware called Dridex by reviving a popular technique from the early 2000s that takes advantage of the macros function in Microsoft Office.
Macros are legitimate functions in Microsoft Word and Excel that combine multiple commands and instructions into a single task. While macros are a great shortcut for tasks you perform repeatedly, they unfortunately also make a great tool for cybercriminals to distribute Dridex onto your PC.
Where does Dridex come from?
Dridex arrives as an attachment to malicious emails purporting to be invoices or financial documents from legitimate companies. When the attachment is opened, it advises you to enable macros to view the content. Unfortunately, enabling macros on the document causes Dridex to be downloaded to your PC. While Dridex typically hides in Microsoft Word documents, you shouldn’t rule out other formats: before shifting to Microsoft Word, Dridex was distributed as executables attached to emails.
What does Dridex do?
The purpose of Dridex is to steal your online banking credentials. Dridex hides on your computer and is activated when you log into your banking account. At that point Dridex injects additional HTML form fields into the page that ask you to enter information such as your social security number – an example of a man-in-the-browser (MITB) attack.
The danger with MITB attacks is that nothing seems out of the ordinary: the URL in the address bar shows that you really are logged into your legitimate banking account. If you’re unaware of such attacks, you could easily be tricked into entering the personal information requested in the additional fields. From there, the cybercriminals have your online banking login credentials, as well as any other information you were tricked into revealing.
Staying ahead of cybercriminals
As cybercriminals devise new techniques (or simply revive old ones) to infect users’ PCs with malware, you should take measures to stay ahead of them. Here are a few things you can do to secure your PC from malware that aims to steal your banking credentials:
Learn to spot spam emails
The best way to avoid a malware infection from spam (or phishing) emails is to know how to spot one. Cybercriminals will try to trick you into downloading a malicious attachment or clicking on a malicious link by purporting to be from a legitimate company. Often the emails create a sense of urgency or curiosity so that the recipient performs the requested action.
Be cautious of Microsoft documents that require you to enable macros
Even if the email you’ve received appears to come from a legitimate sender, be extra cautious if the attached document requires you to enable macros to view its content. Not all macros are dangerous, but the request can be a sign that the document is actually hiding malware.
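The check below is an added example, not code from the original post: it inspects an Office attachment for an embedded VBA project by looking at the file's contents rather than its extension (a macro document renamed to .docx still carries the project). It treats OOXML files as ZIP containers and uses a string-scan heuristic for legacy OLE files; the sample documents are constructed in memory and contain no real macro code.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
# Storage names that hold the VBA project in legacy Office files; the
# compound-file directory stores them as UTF-16LE ("Macros" in Word,
# "_VBA_PROJECT_CUR" in Excel). Scanned as raw strings, no full OLE parser.
OLE_VBA_STORAGES = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT_CUR")]


def has_vba_macros(data: bytes) -> bool:
    """Return True when an Office attachment carries a VBA project.

    OOXML files (.docx/.docm/.xlsm) are ZIP containers; a macro project is
    stored as a vbaProject.bin part, whatever the extension claims.
    """
    if data.startswith(OLE_MAGIC):
        return any(name in data for name in OLE_VBA_STORAGES)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    return False  # neither container type: not an Office document we can judge


def verdict(filename: str, data: bytes) -> str:
    """Flag a macro-bearing attachment; call out the mismatch when a
    harmless-looking .docx/.xlsx extension hides a VBA project."""
    if not has_vba_macros(data):
        return "no VBA project found"
    if filename.lower().endswith((".docx", ".xlsx")):
        return "VBA project present despite non-macro extension: quarantine"
    return "VBA project present: quarantine"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML document (not real malware) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed stub, not a real project")
    return buf.getvalue()


if __name__ == "__main__":
    print(verdict("invoice.docm", build_sample_ooxml(True)))
    print(verdict("invoice.docx", build_sample_ooxml(True)))
    print(verdict("invoice.docx", build_sample_ooxml(False)))
```

A mail gateway or user-side script can apply the same check to every attachment before it reaches Word, regardless of whether the document itself asks you to enable macros.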
Protect your PC with adequate security
Basic security is mandatory for any PC: at minimum, a firewall and antivirus software, both active and kept up to date. To better protect your PC from advanced malware, however, you should upgrade to protection that can analyze files in a virtual cloud environment. The benefit of having files scanned in the cloud is that, if a file is deemed malicious or carries a harmful macro, the malware intended for your PC is stopped in the cloud – leaving your PC untainted and your banking credentials in your hands.