Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

A gang behind a recent Dridex Omicron campaign is moking the victims taunting them with a COVID-19 funeral assistance helpline number.

Crooks behind a recent Dridex campaign is moking the researchers and victims taunting them with a COVID-19 funeral assistance helpline number

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan.

Researchers from MalwareHunterTeam and 604Kuzushi first spotted this campaign, the spam messages have the subject “COVID-19 testing result” and claim the recipient was exposed to a coworker who tested positive to the new Omicron COVID-19 variant.

The threat actors behind this campaign attempt to benefit from the rapid diffusion of the COVID-19 Omicron variant.

“This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer. “Please take a look at the details in the attached document.”

So now this Dridex actor be like: “You aren’t suicidal? No problem, you will die in COVID!”?

Seriously, the actor has no brain to think about what the results of these lures can be or simply dgaf?

Sample: a4e141090129f69303721b0d7588db240464e1f547504501bce4bf5cb8641ea0 https://t.co/X5lWIQPnIY pic.twitter.com/9gneJXV2Xo

— MalwareHunterTeam (@malwrhunterteam) December 22, 2021

The message attempts to trick the victims into enabling the macros to correctly view the content of the attachments.

The messages use a password-protected Excel attachment, the password is provided in the content of the message. Upon entering the password, the recipient is shown a blurred COVID-19 document and is prompted to ‘Enable Content’ to correctly view it.

Once the system is infected, the malware taunts the victims by displaying an alert containing the phone number for the “COVID-19 Funeral Assistance Helpline.”

If you receive a suspicious email like the ones described in this post do not open the attachment.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, COVID-19 Omicron)

The post Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline appeared first on Security Affairs.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt