Dridex malware spreads COVID-19 funeral scam to mock people

February 4, 2022

Security researchers discovered a new phishing scam that offers fake COVID-19 funeral assistance. The phishing attack, conducted by the operators of the Dridex malware, abuses the panic that the COVID-19 Omicron variant is creating in several countries today.

Researchers said that the Dridex phishing campaign has been threatening victims with fake funeral assistance in case the hostile variant of the virus has infected them. The threat actors also use compromised Word and Excel attachments to bait their targets.

Unfortunately, many people do not think twice about clicking on malware-laden email content when their health appears to be at risk. Threat groups such as Dridex therefore take advantage of every opportunity to create chaos.


The Dridex malware phishing campaign uses the COVID-19 Omicron variant to spread infection.


According to observations, the Dridex phishing operator exploited the rapid spread of the COVID-19 Omicron strain and came up with the idea of sending spam messages whose subject lines refer to COVID-19 testing results.

These spam messages inform the recipients that they were exposed to a colleague who was recently infected with the Omicron variant. Because of the panic this news instigates in the recipient, the threat actors can deceive the target into enabling macros to view the content of the malware-laden attachments.

The attachment is an Excel file protected with a password that is mentioned in the message. If the target opens the document by entering the password, the attachment displays a blurred COVID-19 document that asks the user to ‘Enable Content’ to view it properly.

However, instead of showing a proper document once content is enabled, the malware mocks the recipient with an alert that contains a fake number for the COVID-19 Funeral Assistance Services.
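A mail-triage heuristic for the chain described above (COVID-19 test-result subject, password given in the message body, password-protected Excel attachment), added here as an example and not taken from the researchers' findings. The regexes, the file name and the attachment stub are constructed assumptions, and the check covers only password-protected OOXML files, which are stored as OLE containers holding an `EncryptedPackage` stream.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # Compound File Binary header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name in encrypted OOXML
LURE = re.compile(r"covid|omicron|test(ing)? results?", re.I)            # assumed lure terms
PASSWORD_HINT = re.compile(r"\b(password|passcode)\b\s*(is|:)?\s*\S+", re.I)
OFFICE_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb", ".doc", ".docx", ".docm")

def is_encrypted_office(data: bytes) -> bool:
    """Heuristic: OLE container that carries an EncryptedPackage stream."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data

def triage(raw: bytes) -> dict:
    """Flag each element of the lure chain found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    findings = {
        "lure_subject": bool(LURE.search(msg.get("Subject", ""))),
        "password_in_body": bool(PASSWORD_HINT.search(text)),
        "encrypted_attachment": False,
    }
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(OFFICE_EXT) and is_encrypted_office(data):
            findings["encrypted_attachment"] = True
    # Quarantine only when the whole chain is present, to limit false positives.
    findings["quarantine"] = all(findings.values())
    return findings

def sample(subject: str, body: str, blob: bytes) -> bytes:
    """Build a constructed test message; the file name is made up."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(blob, maintype="application", subtype="octet-stream",
                     filename="results.xlsx")
    return m.as_bytes()

if __name__ == "__main__":
    stub = OLE_MAGIC + b"\x00" * 504 + ENC_STREAM  # constructed stub, not a real workbook
    print(triage(sample("COVID-19 testing results", "Password: 1234", stub)))
```

Encrypted attachments cannot be scanned by the mail gateway, so a password sent alongside one is a useful signal on its own even when the subject line changes.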

This attack is the second time cybercriminals made fun of their targets last December. Recently, threat actors sent numerous employees a phishing email that scared them because its content was a job termination notice before Christmas.

Threat actors make heavy use of the Omicron variant to scare people. Their success rate has skyrocketed because people know less about this new COVID-19 strain. Experts advise people to scrutinise every email they receive whose subject mentions COVID-19 Omicron.
