New Dridex Phishing Campaign Delivers Fake Accounting Invoices
Author DESAIGON | 15/09/2017

A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero.

The global campaign is the latest in what security experts at Trustwave said is a wave of phishing attacks against Xero and other financial and accounting services such as Intuit.

As part of the campaign, attackers are spoofing messages so that they appear to originate from Xero, an accounting company based in New Zealand that sells cloud-based accounting services to small and medium-sized businesses. The messages contain malicious links that attempt to trick recipients into downloading Zip archives containing a JavaScript file.

“On execution, this JavaScript downloads and launches banking malware on to the victim’s computer that steals their personal and private information and leaves them vulnerable to the mercy of their attackers,” said Trustwave researchers Fahim Abbasi and Rodel Mendrez, who coauthored a report on the campaign published Wednesday.

The subject line of messages is typically “Xero Billing Notifications” with the originating email address displaying “” instead of the legit business “” The domain was registered in China the same day the campaign started (Aug. 16). The message body attempts to spoof a legitimate inquiry from Xero, requesting the recipient to follow a set of malicious URLs.
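Because the delivery chain described above depends on a Zip archive that carries a script file, a mail gateway or download proxy can inspect archive contents before they reach the user. The following is an added example, not code from the Trustwave report; the extension list, nesting depth, size limit and sample file names are assumptions made for the illustration.

```python
import io
import os
import zipfile

# Extensions that Windows Script Host runs on double-click (assumed list for this example).
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe"}
MAX_DEPTH = 3            # assumed limit on nested archives
MAX_NESTED = 20_000_000  # assumed size limit (bytes) for a nested archive we unpack


def find_script_members(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of script files inside a Zip archive, descending into nested Zips."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a Zip archive: nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Only the final extension decides how Windows opens "Invoice.PDF.JS".
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in SCRIPT_EXTS:
                hits.append(path)
            elif ext == ".zip" and depth < MAX_DEPTH and info.file_size < MAX_NESTED:
                hits += find_script_members(archive.read(info), depth + 1, path + "!")
    return hits


def _make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory Zip for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder content, file names invented for the example.
LURE = _make_zip({"Xero Invoice.js": b"// placeholder"})
NESTED = _make_zip({"docs/readme.txt": b"hi", "inner.zip": _make_zip({"Invoice.PDF.JS": b"//"})})
BENIGN = _make_zip({"invoice.pdf": b"%PDF-1.4", "notes.txt": b"ok"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("nested", NESTED), ("benign", BENIGN)):
        print(label, find_script_members(blob))
```

A non-empty result is a reason to quarantine the archive for review; an empty result only means no script member was found within the assumed limits.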

