Dridex banking malware modified to spread using macOS - AppleInsider


A variant of the Dridex banking malware has been ported to run on macOS, where it uses email attachments that look like ordinary documents to spread to other victims.

Security researchers at Trend Micro said on Thursday that the malware previously targeted Windows, but the cybercriminals behind it have now changed their strategy and are going after macOS as well.

The Dridex sample Trend Micro analyzed takes the form of a Mach-O file, the native executable format for macOS and iOS. The extensions these files carry include .o, .dylib, and .bundle, none of which a typical user would recognize as a program.

The Mach-O file contains a malicious document that runs automatically once a user opens it. It then overwrites every Microsoft Word file in the macOS user's home directory and contacts a remote server to download more files, including a Windows executable (.exe) that runs the Dridex malware itself.

[Image: content of the executable file dropped by the malware. Source: Trend Micro]

That Windows executable can't run on macOS. But once a user's Word files have been overwritten with malicious versions, a Mac user can unwittingly infect others simply by sharing those documents by email or online.

For now, the Dridex payload itself poses no direct threat to Mac users, although an infected Mac still acts as a carrier. Trend Micro says it's possible that the attackers could modify the malware to run natively on macOS in the future.

How to stay safe

First and foremost, with Dridex the best way to protect yourself is to not open attachments whose provenance is unclear. Check who the sender is, not just by the displayed name but by the actual email address, since the display name can be set to anything.

For instance, your credit card company won't send you a receipt from a Gmail account.

Apple builds security tools such as Gatekeeper and the XProtect antivirus package into macOS. Users can also choose to install antivirus software from a third-party vendor.

An online tool called VirusTotal scans URLs and files that people upload and reports whether they contain known malware. For example, if an email carries a Microsoft Word document or a Mach-O file as an attachment, it may be a good idea to scan it with the website. Keep in mind that uploaded files are shared with VirusTotal's partners, so for anything potentially confidential, search for the file's SHA-256 hash first rather than uploading the file itself.
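The two things this article says to watch for, a Mach-O executable hiding behind a document-like name and a Word file that has been swapped for a macro-bearing copy, can both be spotted from file content rather than extension. The script below is an added example, not code from Trend Micro or AppleInsider: it identifies Mach-O (thin and fat), Windows PE and Office Open XML attachments by their leading bytes, flags mismatches between name and content, reports whether a Word container embeds a VBA project, and computes the SHA-256 you would search on VirusTotal before uploading anything. The attachment names, the extension list and every sample byte string are constructed for the demonstration.

```python
"""Offline triage of email attachments by content, not extension.
Added example; the sample attachments below are constructed in memory."""
import hashlib
import io
import struct
import zipfile

# Mach-O magic numbers for thin 32/64-bit binaries in both byte orders.
# Matching on these catches a Mach-O whether it is named .o, .dylib,
# .bundle, or something that looks like a document.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # shared with Java class files, see is_fat_macho()
# Extensions a user would expect to be harmless documents (assumed list).
DOCUMENT_EXTENSIONS = {"doc", "docx", "docm", "pdf", "rtf", "txt", "xls", "xlsx"}


def is_fat_macho(data: bytes) -> bool:
    """A fat Mach-O header holds a small big-endian nfat_arch after the magic;
    a Java class file holds its major version (45 or more) in the same
    position, so a value below 45 is treated as Mach-O. A heuristic."""
    if data[:4] != FAT_MAGIC or len(data) < 8:
        return False
    return struct.unpack(">I", data[4:8])[0] < 45


def sha256_hex(data: bytes) -> str:
    """Hash to look up on VirusTotal before deciding whether to upload."""
    return hashlib.sha256(data).hexdigest()


def inspect_ooxml(data: bytes):
    """Open an Office Open XML (zip) container and report a VBA project if present."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "zip archive (unreadable)", ["zip container could not be parsed"]
    if "word/document.xml" not in names:
        return "zip archive", []
    if "word/vbaProject.bin" in names:
        return "Word document with VBA project", ["embeds a VBA macro project"]
    return "Word document", []


def classify(filename: str, data: bytes) -> dict:
    """Classify one attachment by its leading bytes and flag name/content mismatches."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind, flags = "unknown", []
    head = data[:4]
    if head in MACHO_MAGICS or is_fat_macho(data):
        kind = MACHO_MAGICS.get(head, "Mach-O universal (fat)")
        flags.append("Mach-O executable sent as an attachment")
    elif data[:2] == b"MZ":
        kind = "Windows PE executable"
        flags.append("Windows executable sent as an attachment")
    elif head == b"PK\x03\x04":
        kind, flags = inspect_ooxml(data)
    if kind.startswith(("Mach-O", "Windows")) and ext in DOCUMENT_EXTENSIONS:
        flags.append(f"extension .{ext} disguises an executable")
    return {"file": filename, "type": kind, "sha256": sha256_hex(data), "flags": flags}


def build_word_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container in memory (sample input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments: a 64-bit Mach-O named like a document, a fat
# Mach-O with an honest .bundle extension, a macro-bearing and a clean Word
# file, and a Windows PE stub like the one the Mac sample drops.
SAMPLE_ATTACHMENTS = {
    "Invoice_2023.doc": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
    "plugin.bundle": FAT_MAGIC + struct.pack(">I", 2) + b"\x00" * 40,
    "Quarterly_Report.docm": build_word_doc(with_macro=True),
    "Agenda.docx": build_word_doc(with_macro=False),
    "update.exe": b"MZ\x90\x00" + b"\x00" * 60,
}


def triage(attachments: dict) -> list:
    """Classify every attachment and return the most suspicious first."""
    results = [classify(name, data) for name, data in attachments.items()]
    return sorted(results, key=lambda r: len(r["flags"]), reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_ATTACHMENTS):
        print(f"{'SUSPICIOUS' if r['flags'] else 'ok':10} {r['file']:22} "
              f"{r['type']:30} {r['sha256'][:16]}... {'; '.join(r['flags'])}")
```

Point `triage()` at the real attachments of a suspect message (read each file's bytes into the dict) and treat any entry with flags as something to hand to VirusTotal by hash, or to a security team, rather than to open. The magic-number check is deliberately independent of the extension, which is exactly the property that makes a Mach-O named like an invoice stand out.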
