Dridex banking malware modified to spread using macOS

A variant of the Dridex banking malware is using macOS to spread to others, by using email attachments that look like regular documents.

Security researchers at Trend Micro said on Thursday that the malware previously targeted Windows, but now the cybercriminals have changed their strategy to go after macOS.

The Dridex malware sample Trend Micro analyzed takes the form of a Mach-O file, an executable file that can run on macOS and iOS. File extensions they use include .o, .dylib, and .bundle.

The Mach-O file contains a malicious document that runs automatically once a user opens it. It then overwrites all Microsoft Word files in the macOS user directory and contacts a remote server to download more files, including a Windows executable file (.exe) that runs the Dridex malware.

Content of the executable file dropped by the malware. Source: Trend Micro

These executables can't run on macOS. But, if a user's Word files are overwritten with malicious versions, Mac users could unwittingly infect others when they share the files online.

For now, Mac users are safe from the Dridex malware. Trend Micro says it's possible that attackers could modify it to run on macOS in the future.

How to stay safe

First and foremost, with Dridex, the best way to protect yourself is to not open attachments where the provenance is unclear. Check who the sender is, not just by the displayed name of the sender, but also the email address.

For instance, your credit card company won't send you a receipt from a Gmail account.

Apple includes security tools such as Gatekeeper and the XProtect antivirus software that are built into macOS. Users can also choose to download antivirus software from a third-party company.

An online tool called VirusTotal can scan URLs and files that people upload and detect if it contains malware. For example, if an email has a Microsoft Word document or a Mach-O file as an attachment, it may be a good idea to scan it with the website.

AppleInsider will be covering the 2023 Consumer Electronics Show in person on January 2 through January 8 where we're expecting Wi-Fi 6e devices, HomeKit, Apple accessories, 8K monitors and more. Keep up with our coverage by downloading the AppleInsider app, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos throughout the event.

Latest Exclusives

7 Comments

chadbag 2025 comments · 13 Years

About 1 year ago

Don’t just check the from: address but look at the headers for the sender: header. It should match the from: or be from the same domain. from: headers can be forged and are just there for the user to see. The sender: header, when there, is the real address it is from.

(We’re dealing with this with spam. The from: is forged to look. Correct but the sender is something else totally).

coolfactor 2328 comments · 20 Years

Spam is so easy to detect, generally. AS @chadbag said, checking the headers is important. Also make sure not to follow any links in the email without first checking to see where they are going to. Often, that's a dead giveaway to anyone that knows what to look for. For example, if your bank is ABC Bank, and the link is going to "a-b-c-bank.ru", you know something's not right. :wink:

danox 3360 comments · 11 Years

Microsoft Free here…..

lkrupp 10521 comments · 19 Years

danox said:

Microsoft Free here…..

Good for you but in the real world that’s extremely hard to do. So what do you do when a friend or client sends you a Word document or a Power Point slideshow?

lkrupp said:

danox said:

Microsoft Free here…..

Good for you but in the real world that’s extremely hard to do. So what do you do when a friend or client sends you a Word document or a Power Point slideshow?

Nothing, no Windows or Microsoft word users among friends everyone has moved on to iPhones, iPads, and Macs, at work speaking for myself, the only items that I would ever send home was an occasional pdf, but on my own time, I just didn’t waste anytime with anything from Microsoft other than a Excel document which was once in a blue moon. There are many word/graphic programs available to choose from which are more powerful and better in the UI/layout department.

Microsoft Word and Excel have always had trouble over the years (malware), probably access to all those pirated Windows programs around the world.

Pages, Keynote, Omni Outliner, Quark, In Design, and Notability work very well, recent edition, Affinity Publisher.

When I was in school, I used a page layout program (Quark, and InDesign) to create documents and when other people (teacher/classmates) saw them. They asked me what did I use and I when I told them, they looked at me and said oh! They were hoping that I was using Microsoft Word.

A iPad/Mac, Notability, OmniOutliner, and Pages make creating documents a breeze. The kids in school don’t realize how good they have it in comparison to the so-called good old days, the tools available today are just so much better if they are used.