Dridex using Dyre tricks to deceive victims
Researchers reported that Dridex is using DNS attacks to deceive victims.
In the attacks, the threat actor inserts a fake address record for an internet domain into the endpoint's DNS cache, causing the cache to use the fake address in subsequent browsing requests and redirect traffic to the address of a malicious server, according to a Jan. 19 blog post.
Once infected, the victim is redirected to a phony page designed to mimic their bank's website when they try to access their accounts online. The technique allows the attacker to use social engineering injections to obtain critical authentication codes from the victim as needed.
Researchers said the redirection technique is very similar to the methods used by the Dyre Trojan, adding that it is possible the two groups share some key developers or management.
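A defender can check for the kind of fake cached address record described above by comparing an endpoint's DNS cache against the addresses a monitored domain is expected to resolve to. The following is an added example, not code from the researchers' post: it assumes a Windows endpoint whose cache was dumped with `ipconfig /displaydns`, and the domains, addresses and the EXPECTED allowlist are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample in the layout printed by Windows `ipconfig /displaydns`.
SAMPLE_CACHE_DUMP = """\
    bank.example
    ----------------------------------------
    Record Name . . . . . : bank.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.66

    intranet.example
    ----------------------------------------
    Record Name . . . . . : intranet.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.10
"""

# Hypothetical allowlist: networks each monitored domain legitimately resolves into.
EXPECTED = {
    "bank.example": ["192.0.2.0/24"],
    "intranet.example": ["198.51.100.0/24"],
}

FIELD = re.compile(r"^\s*(Record Name|A \(Host\) Record)[ .]*:\s*(\S+)\s*$")

def parse_a_records(dump):
    """Return (name, address) pairs for every cached A record in the dump."""
    records, name = [], None
    for line in dump.splitlines():
        match = FIELD.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "Record Name":
            name = value.lower().rstrip(".")
        elif name is not None:
            records.append((name, ipaddress.ip_address(value)))
    return records

def find_suspect_records(dump, expected):
    """Flag cached addresses for monitored domains that fall outside the allowlist."""
    suspects = []
    for name, addr in parse_a_records(dump):
        networks = expected.get(name)
        if networks and not any(addr in ipaddress.ip_network(n) for n in networks):
            suspects.append((name, str(addr)))
    return suspects
```

A hit is a lead rather than proof, since content delivery networks rotate addresses; confirm it against a trusted resolver before treating the endpoint as compromised.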