
Dridex being dropped by TA575 using Squid Game lures


Last Updated on 22/11/2021 by Sunaina

A threat group has used the popular web series Squid Game as bait to deliver the Dridex malware. The TA575 threat group is sending malicious emails to potential victims, promising early access to the show or a part in the TV show.

In October, Proofpoint discovered hundreds of emails aimed at sectors mostly situated in the United States. Phrases such as "Squid Game is returning, watch the new season before anybody else", "Squid Game planned season advertisements, talent cast schedule", and "Squid Game new season ads" were all included in the emails. The emails also instruct the victim to complete an attached document in order to gain early access to the new season, or a talent form in order to apply for a part in background casting. The attachments are Excel documents with malicious macros. If the macros are activated, Dridex malware with an affiliate ID of 22203 is delivered to the recipient's PC through Discord URLs.
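The delivery chain described above (an Excel macro pulling the payload from Discord URLs) can be hunted for in endpoint web telemetry. The following is an added detection sketch, not code from Proofpoint or from this article; the JSON field names, the Discord file-hosting hostnames and the sample events are assumptions constructed for the example, and it generalizes from Excel to other Office applications.

```python
import json
import ntpath
from urllib.parse import urlsplit

# Assumptions (not from the article): Discord's file-hosting hostnames and
# the JSON field names ("ts", "host", "image", "url") of the telemetry.
DISCORD_FILE_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}

def is_discord_file_url(url):
    """True only when the URL's host is exactly a Discord file host."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return host in DISCORD_FILE_HOSTS

def flag_office_discord_fetches(lines):
    """Return events where an Office process requested a Discord-hosted file."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        # Telemetry carries Windows paths, so parse them with ntpath.
        image = ntpath.basename(str(event.get("image", ""))).lower()
        url = str(event.get("url", ""))
        if image in OFFICE_IMAGES and is_discord_file_url(url):
            hits.append((event.get("ts"), event.get("host"), image, url))
    return hits

# Constructed sample telemetry; hostnames, paths and URLs are placeholders.
SAMPLE_EVENTS = [
    r'{"ts":"2021-10-27T14:02:11Z","host":"WS-0141","image":"C:\\Office16\\EXCEL.EXE","url":"https://cdn.discordapp.com/attachments/0/0/placeholder.bin"}',
    r'{"ts":"2021-10-27T14:03:40Z","host":"WS-0141","image":"C:\\Discord\\Discord.exe","url":"https://cdn.discordapp.com/attachments/0/0/cat.png"}',
    r'{"ts":"2021-10-27T14:05:02Z","host":"WS-0207","image":"C:\\Office16\\EXCEL.EXE","url":"https://cdn.discordapp.com.files.example/a.bin"}',
    r'{"ts":"2021-10-27T14:06:19Z","host":"WS-0207","image":"C:\\Office16\\EXCEL.EXE","url":"https://officecdn.example/update"}',
    r'{"ts":"2021-10-27T14:07:',
]

if __name__ == "__main__":
    for hit in flag_office_discord_fetches(SAMPLE_EVENTS):
        print("ALERT office->discord fetch:", hit)
```

Only the first sample event is flagged: the Discord client's own traffic, the lookalike hostname and the truncated line are all ignored.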

TA575 is a Dridex affiliate that has been monitored since late 2020. The group has propagated malware through a variety of attack routes, including malicious URLs, Office attachments, and password-protected files. In every campaign, the group sends thousands of emails to hundreds of organisations. TA575's lure themes occasionally involve popular news, events, or cultural allusions.

Further, TA575 has jumped on board with the trend of capitalizing on the popularity of TV shows that are generating headlines throughout the world. As a result, individuals should not accept anything on the internet that appears to be too good to be true. Always visit reputable sources to confirm the veracity of a news item or assertion.
