Hey Dridex, Tu Runā Latviski?

Has Dridex been brushing up on its Latvian? Or perhaps its written Estonian skills? Maybe it’s preparing a long overseas stay requiring offshore banking accounts in the Cayman Islands? Recent Dridex configurations analyzed by IBM X-Force reveal that the new wave of Dridex attacks is resilient and more complex than your average malware campaign.

Following several quiet months, a spike in renewed activity suggests the gang operating Dridex is picking up speed with precision and planning.

Unlikely Targets


According to IBM X-Force Research, Dridex configurations from the past two months contain a hefty count of targets in the more commonly targeted countries, such as the U.S., U.K., Canada and Australia. However, the Trojan is also targeting some less charted territories, such as Lithuania, Latvia, Estonia, Lebanon and Ukraine, to name a few. This is quite uncommon for any banking Trojan.



Per its configuration files, Dridex currently targets over 20 Latvian banks, three banks in Estonia, three in Lithuania and one in Ukraine, among its other uncommon choices of late.


This Dridex post was part of my work with IBM X-Force. Read the complete post here.
