Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Dridex banking malware modified to spread using macOS

Andrew Orr |

Dridex targets Macs

Last updated

A variant of the Dridex banking malware is using macOS to spread to others, by using email attachments that look like regular documents.

Security researchers at Trend Micro said on Thursday that the malware previously targeted Windows, but now the cybercriminals have changed their strategy to go after macOS.

The Dridex malware sample Trend Micro analyzed takes the form of a Mach-O file, an executable file that can run on macOS and iOS. File extensions they use include .o, .dylib, and .bundle.

The Mach-O file contains a malicious document that runs automatically once a user opens it. It then overwrites all Microsoft Word files in the macOS user directory and contacts a remote server to download more files, including a Windows executable file (.exe) that runs the Dridex malware.

Content of the executable file dropped by the malware. Source: Trend Micro Content of the executable file dropped by the malware. Source: Trend Micro

These executables can't run on macOS. But, if a user's Word files are overwritten with malicious versions, Mac users could unwittingly infect others when they share the files online.

For now, Mac users are safe from the Dridex malware. Trend Micro says it's possible that attackers could modify it to run on macOS in the future.

How to stay safe

First and foremost, with Dridex, the best way to protect yourself is to not open attachments where the provenance is unclear. Check who the sender is, not just by the displayed name of the sender, but also the email address.

For instance, your credit card company won't send you a receipt from a Gmail account.

Apple includes security tools such as Gatekeeper and the XProtect antivirus software that are built into macOS. Users can also choose to download antivirus software from a third-party company.

An online tool called VirusTotal can scan URLs and files that people upload and detect if it contains malware. For example, if an email has a Microsoft Word document or a Mach-O file as an attachment, it may be a good idea to scan it with the website.

AppleInsider will be covering the 2023 Consumer Electronics Show in person on January 2 through January 8 where we're expecting Wi-Fi 6e devices, HomeKit, Apple accessories, 8K monitors and more. Keep up with our coverage by downloading the AppleInsider app, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos throughout the event.

7 Comments

chadbag 13 Years · 2029 comments
About

Don’t just check the from: address but look at the headers for the sender:  header.  It should match the from: or be from the same domain.  from: headers can be forged and are just there for the user to see. The sender: header, when there, is the real address it is from. 

(We’re dealing with this with spam.  The from: is forged to look. Correct but the sender is something else totally). 

coolfactor 20 Years · 2341 comments
About

Spam is so easy to detect, generally. AS @chadbag said, checking the headers is important. Also make sure not to follow any links in the email without first checking to see where they are going to. Often, that's a dead giveaway to anyone that knows what to look for. For example, if your bank is ABC Bank, and the link is going to "a-b-c-bank.ru", you know something's not right.  :wink: 

danox 11 Years · 3442 comments
About

Microsoft Free here…..

lkrupp 19 Years · 10521 comments
About

danox said:
Microsoft Free here…..

Good for you but in the real world that’s extremely hard to do. So what do you do when a friend or client sends you a Word document or a Power Point slideshow?

danox 11 Years · 3442 comments
About

lkrupp said:
danox said:
Microsoft Free here…..
Good for you but in the real world that’s extremely hard to do. So what do you do when a friend or client sends you a Word document or a Power Point slideshow?

Nothing, no Windows or Microsoft word users among friends everyone has moved on to iPhones, iPads, and Macs, at work speaking for myself, the only items that I would ever send home was an occasional pdf, but on my own time, I just didn’t waste anytime with anything from Microsoft other than a Excel document which was once in a blue moon. There are many word/graphic programs available to choose from which are more powerful and better in the UI/layout department.

Microsoft Word and Excel have always had trouble over the years (malware), probably access to all those pirated Windows programs around the world.

Pages, Keynote, Omni Outliner, Quark, In Design, and Notability work very well, recent edition, Affinity Publisher.

When I was in school, I used a page layout program (Quark, and InDesign) to create documents and when other people (teacher/classmates) saw them. They asked me what did I use and I when I told them, they looked at me and said oh! They were hoping that I was using Microsoft Word.

A iPad/Mac, Notability, OmniOutliner, and Pages make creating documents a breeze. The kids in school don’t realize how good they have it in comparison to the so-called good old days, the tools available today are just so much better if they are used.

Read More on our Forums ->
 

Sponsored Content

article thumbnail

How to stop spam calls and reclaim some sanity on your iPhone

Top Stories

article thumbnail

HomeKit Smart doorbell with Face ID expected by 2026

article thumbnail

How Apple's smart home revolution begins in 2025

article thumbnail

Apple says EU interoperability laws pose severe privacy risks

article thumbnail

Don't believe what you see on TikTok - AirDrop doesn't allow thieves to steal your credit card info

article thumbnail

Holiday 2024 MacBook Buyer's Guide — Which Mac laptop you should buy?

article thumbnail

Holiday coupon: save up to $300 on every 14" & 16" MacBook Pro M4