Last Updated on 22/11/2021 by Sunaina
A threat group has used the popular web series Squid Game as bait to distribute the Dridex malware. The TA575 threat group is sending malicious emails to potential victims, promising early access to the show or a part in the TV show.
In October, Proofpoint discovered hundreds of emails aimed at sectors mostly situated in the United States. Lines such as "Squid Game is returning, watch the new season before anybody else," "Squid Game planned season advertisements, talent cast schedule," and "Squid Game new season ads" were all included in the emails. The email also instructs the victim to complete an attached document in order to gain early access to the new season, or a talent form in order to apply for a part in background casting. The attachments are Excel documents containing malicious macros. If the macros are enabled, Dridex malware with an affiliate ID of 22203 is delivered to the recipient’s PC through Discord URLs.
TA575 is a Dridex affiliate that has been monitored since late 2020. Its malware has been propagated through a variety of delivery methods, including malicious URLs, Office attachments, and password-protected files. In each campaign, the group sends thousands of emails to hundreds of organisations. TA575's lure themes occasionally draw on popular news, events, or cultural references.
With this campaign, TA575 has joined the trend of capitalizing on the popularity of TV shows that are generating headlines throughout the world. As a result, individuals should not accept anything on the internet that appears to be too good to be true. Always visit reputable sources to confirm the veracity of a news item or claim.