Dridex Spreads with Omicron Themed Campaign

A recent Dridex campaign is mocking the researchers and victims taunting them with a COVID-19 funeral assistance helpline number

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan.

Researchers spotted this campaign, the spam messages have the subject “COVID-19 testing result” and claim the recipient was exposed to a coworker who tested positive to the new Omicron COVID-19 variant.

The threat actors behind this campaign attempt to benefit from the rapid diffusion of the COVID-19 Omicron variant.

This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,Please take a look at the details in the attached document.

The message attempts to trick the victims into enabling the macros to correctly view the content of the attachments that’s a password-protected Excel attachment, the password is provided in the content of the message. Upon entering the password, the recipient is shown a blurred COVID-19 document and is prompted to ‘Enable Content’ to correctly view it.

Once the system is infected, the malware taunts the victims by displaying an alert containing the phone number for the “COVID-19 Funeral Assistance Helpline.”