Dridex using Dyre tricks to deceive victims

Researchers reported that Dridex is using DNS attacks to deceive victims.

Researchers at IBM's X-Force have spotted the Dridex banking trojan using Domain Name System (DNS) cache poisoning attacks to redirect victims to fake banking sites.

In the attacks, the threat actor inserts a fake address record for an internet domain into the endpoint's DNS cache, causing the cache to return the fake address for subsequent browsing requests and thereby redirect traffic to the address of a malicious server, according to a Jan. 19 blog post.
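An added detection check, written for this page and not taken from the article or from IBM's research: it parses constructed sample output in the format of Windows' `ipconfig /displaydns` and flags a monitored banking domain whose cached A record falls outside a hypothetical allowlist, which is the symptom of the endpoint-side cache poisoning described above. The domain names, addresses and allowlist are all constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of Windows `ipconfig /displaydns` output. The bank's entry
# has been replaced with an address outside its expected set, mimicking a
# poisoned resolver cache on the endpoint.
SAMPLE_CACHE = """\
    www.example-bank.test
    ----------------------------------------
    Record Name . . . . . : www.example-bank.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    A (Host) Record . . . : 198.51.100.23

    www.example.test
    ----------------------------------------
    Record Name . . . . . : www.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    A (Host) Record . . . : 203.0.113.10
"""

# Hypothetical allowlist of addresses per monitored domain; a real deployment
# would load it from a vetted source rather than hard-code it.
EXPECTED: Dict[str, Set[str]] = {
    "www.example-bank.test": {"192.0.2.10", "192.0.2.11"},
}

NAME_RE = re.compile(r"Record Name[ .]*:\s*(\S+)")
ADDR_RE = re.compile(r"A \(Host\) Record[ .]*:\s*(\S+)")


def parse_displaydns(text: str) -> Dict[str, List[str]]:
    """Map each cached record name to the A-record addresses listed under it."""
    cache: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = NAME_RE.search(line)
        if m:
            current = m.group(1).lower()
            cache.setdefault(current, [])
            continue
        m = ADDR_RE.search(line)
        if m and current:
            cache[current].append(m.group(1))
    return cache


def find_poisoned(cache: Dict[str, List[str]],
                  expected: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (domain, address) pairs where a monitored domain is cached with
    an address outside its allowlist; an empty list means nothing suspicious."""
    return [(d, a) for d, addrs in cache.items() if d in expected
            for a in addrs if a not in expected[d]]
```

A mismatch is a signal to investigate, not proof of compromise, since legitimate address changes (CDN moves, new ranges) also produce one; the allowlist has to be kept current.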

Once infected, the victim is redirected to a phony page designed to mimic their bank's website when they try to access their accounts online. The technique allows the attacker to use social engineering injections to obtain critical authentication codes from the victim as needed.

Researchers said the redirection technique is very similar to the methods used by the Dyre Trojan, adding that it is possible the two groups share some key developers or management.
