The Dridex banking malware has been uncovered in a spam email campaign targeting company accountants.
The spam email carries an attachment that masquerades as a legitimate document, claiming to have been scanned on a Xerox Multifunction Printer and sent directly to the recipient. In reality, the file is a macro-enabled .doc that retrieves Dridex from numerous compromised webpages. Once installed, Dridex lies dormant until bank credentials are entered on the computer, then wakes up and sends the details to the attackers.
So accountants, keep an eye out for an email with the subject line “Scanned from a Xerox Multifunction Printer” – it’s a phony!