steal sensitive credentials of the victims. It typically follows the steps below:
- After infecting a computer, the malware installs a malicious extension in the victim's browser. When the browser is next restarted, the malicious extension is loaded automatically.
- The extension registers a handler for every page load. The handler tracks every page the browser loads and matches its URL against a list of targeted websites.
- Whenever the user loads a page of a targeted banking website, the extension registers an event handler on the page's buttons, such as the submit button of a transfer form.
- The user authenticates to the banking website with their credentials. When the user fills out a form for a financial transaction, the extension intercepts the submission: it records the data the user entered, modifies it, and sends the modified data to the banking web application.
- The web application performs the transaction according to the modified data and returns a receipt.
- The extension intercepts the receipt as well and replaces the modified values in it with the data the user originally entered.
- The user sees a receipt showing the data they provided, so the tampering is not visible in the browser.
- The stolen data is transferred back to the attackers' C&C server.
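The loop above, as an added example that is not code from the page or from Dridex itself: a model of the man-in-the-browser steps with the browser objects replaced by plain values so it runs under Node without a browser. The hostnames, account numbers, field names and the stand-in bank are all constructed for the demonstration.

```javascript
// Added example (not the page's or Dridex's code): a model of the
// man-in-the-browser loop described above. Browser APIs are replaced by
// plain objects so it runs under Node. All names and values are constructed.

// Step 3: the sites the extension watches for (constructed list).
const TARGET_HOSTS = ['bank.example', 'online.bank.example'];

// Attacker-controlled account that receives the diverted transfer (constructed).
const MULE_ACCOUNT = 'GB00MULE00000000000000';

// Step 3: run on every page load; true when the URL belongs to a targeted site.
function isTargetPage(url) {
  let host;
  try {
    host = new URL(url).hostname;
  } catch (e) {
    return false; // not a well-formed URL, so nothing to match
  }
  return TARGET_HOSTS.some(t => host === t || host.endsWith('.' + t));
}

// Step 5: the submit handler. Copies what the user typed into the stolen-data
// queue, then returns the altered fields that actually go to the bank.
function tamperTransfer(formFields, stolen) {
  const original = { ...formFields };
  stolen.push(original); // exfiltrated to the C&C server later (step 9)
  return { ...formFields, beneficiary_account: MULE_ACCOUNT };
}

// Step 7: rewrite the bank's receipt so it shows the beneficiary the user
// originally entered, hiding the diversion from the victim.
function restoreReceipt(receipt, original) {
  return { ...receipt, beneficiary_account: original.beneficiary_account };
}

// Constructed stand-in for the bank's web application (step 6): it executes
// whatever it is sent and echoes the fields back in the receipt.
function bankProcess(fields) {
  return { status: 'executed', reference: 'TXN-0001', ...fields };
}

// Drives one page load through the whole loop and returns three views:
// what the bank actually executed, what the victim was shown, and what was stolen.
function simulateSession(url, formFields) {
  const stolen = [];
  if (!isTargetPage(url)) {
    // Non-target site: the extension stays passive and the form goes through untouched.
    return { tampered: false, bankSaw: formFields, victimSaw: bankProcess(formFields), stolen };
  }
  const sent = tamperTransfer(formFields, stolen);
  const receipt = bankProcess(sent);
  return { tampered: true, bankSaw: sent, victimSaw: restoreReceipt(receipt, stolen[0]), stolen };
}

if (typeof require !== 'undefined' && require.main === module) {
  const result = simulateSession('https://online.bank.example/transfer', {
    beneficiary_account: 'GB99VICT00000000000000', // what the victim typed (constructed)
    amount: '250.00',
  });
  console.log('bank executed   :', result.bankSaw.beneficiary_account);
  console.log('victim was shown:', result.victimSaw.beneficiary_account);
  console.log('exfiltrated     :', JSON.stringify(result.stolen));
}
```

The point of the receipt rewrite is that the victim cannot detect the fraud from the browser window: the only trustworthy view of what the bank executed is one the extension cannot touch, such as a statement fetched from a different device or the bank's out-of-band transaction confirmation.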
Who are the targets of the Dridex botnet?
Dridex often attacks customers of selected banks and financial institutions. The attackers’ main purpose is to infect the customers’ computers with malware and then modify or monitor financial transactions to steal sensitive credentials.
How to prevent a Dridex infection?
Dridex is a well-known piece of malware that is difficult to detect once installed, but a user can follow some simple steps to reduce the risk of infection:
- The malware typically spreads through spam emails. Those emails are often carelessly composed and contain contradictory details. Inspecting an unexpected email carefully, especially before opening its attachment or following its link, goes a long way toward preventing infection.
- The malware exploits security vulnerabilities in commonly used software to infect a computer, so always keep your applications updated with the latest security patches.
- Keep your operating system updated with the latest patches for the same reason.
- Keep your browser updated with the latest patches. This reduces the number of exploitable vulnerabilities in the browser.
- Keep your anti-malware software and its signatures up to date, obtained from a trusted source.
- Closely monitor changes to browser settings and to the list of installed extensions. Limit browser extensions and scripting, and do not install any extension whose origin and authenticity you cannot verify.
- Users should educate themselves about Dridex and its attacks and stay alert while using sensitive banking web applications.
- On any suspicion of infection, users should change their banking credentials immediately, and do so from a machine that is known to be clean, since credentials typed on the infected machine are captured too.