Dridex banking malware modified to spread using macOS

Dridex targets Macs

AppleInsider may earn an affiliate commission on purchases made through links on our site.

A variant of the Dridex banking malware is using macOS to spread to others, by using email attachments that look like regular documents.

Security researchers at Trend Micro said on Thursday that the malware previously targeted Windows, but now the cybercriminals have changed their strategy to go after macOS.

The Dridex malware sample Trend Micro analyzed takes the form of a Mach-O file, an executable file that can run on macOS and iOS. File extensions they use include .o, .dylib, and .bundle.

The Mach-O file contains a malicious document that runs automatically once a user opens it. It then overwrites all Microsoft Word files in the macOS user directory and contacts a remote server to download more files, including a Windows executable file (.exe) that runs the Dridex malware.

Content of the executable file dropped by the malware. Source: Trend Micro
Content of the executable file dropped by the malware. Source: Trend Micro

These executables can't run on macOS. But, if a user's Word files are overwritten with malicious versions, Mac users could unwittingly infect others when they share the files online.

For now, Mac users are safe from the Dridex malware. Trend Micro says it's possible that attackers could modify it to run on macOS in the future.

How to stay safe

First and foremost, with Dridex, the best way to protect yourself is to not open attachments where the provenance is unclear. Check who the sender is, not just by the displayed name of the sender, but also the email address.

For instance, your credit card company won't send you a receipt from a Gmail account.

Apple includes security tools such as Gatekeeper and the XProtect antivirus software that are built into macOS. Users can also choose to download antivirus software from a third-party company.

An online tool called VirusTotal can scan URLs and files that people upload and detect if it contains malware. For example, if an email has a Microsoft Word document or a Mach-O file as an attachment, it may be a good idea to scan it with the website.

AppleInsider will be covering the 2023 Consumer Electronics Show in person on January 2 through January 8 where we're expecting Wi-Fi 6e devices, HomeKit, Apple accessories, 8K monitors and more. Keep up with our coverage by downloading the AppleInsider app, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos throughout the event.