A threat group has been taking advantage of the popular web series Squid Game as a lure to spread the Dridex malware. Threat group, named TA575, is sending malicious emails to potential victims wherein it promises early access to the show or a role in the TV show.
What has happened?
In October, Proofpoint spotted thousands of emails aimed at industries mostly based in the U.S.
The emails used multiple email subjects, such as Squid Game is back, watch new season before anyone else, Squid Game scheduled season commercials, talent cast schedule, and Squid Game new season commercials.
The email further asks the victim to fill up an attached document to get early access to the new season or a talent form to apply for a role in background casting.
The emails are laden with Excel documents as attachments with malicious macros.
If enabled, Dridex malware will be downloaded to the recipient’s system with an affiliate id of 22203 from Discord URLs.
Who is TA575?
TA575 is a Dridex affiliate being tracked since late 2020. It is known to spread malware using multiple attack vectors, including malicious URLs, Office attachments, and password-protected files.
The group sends thousands of emails in every single campaign aimed at hundreds of organizations.
TA575’s attack themes sometimes include popular news, events, or cultural references.
TA575 has joined the bandwagon in taking advantage of the popularity of TV series that are making news around the world. Thus, people should not believe anything on the internet that looks too good to be true. Always verify the authenticity of a news or claim by visiting reliable sources.