Security researchers have recently identified an ongoing attack campaign distributing a new variant of the Dridex trojan. Discovered by malware researcher Brad Duncan, this variant reportedly goes undetected under many of the popular antivirus solutions. Security firm eSentire, which conducted an extensive analysis of this unique variant, suggests that the new infrastructure used for the malware is expected to change over time.
Dridex is one of the fastest evolving malware which has seen advanced features being incorporated in its structure at frequent intervals.
As mentioned earlier, eSentire researchers note that the command and control infrastructure used by the new variant is evolving and the campaign will continue employing new indicators.
“Two observations indicate this campaign isn’t done shifting identifiers. Given the same-day deployment and implementation of the ssl-pert[.]com domain on June 26th and a tendency to utilize randomly generated variables and URL directories, it is probable the actors behind this variant of Dridex will continue to change up indicators throughout the current campaign,” researchers wrote in a blog.