Dridex is an online banking trojan that steals credentials and other personal data by injecting HTML and script into the banking pages shown in the victim's browser (so-called web injects). It is delivered mainly as spam email carrying a Microsoft Word or Excel attachment.
According to security researchers, Dridex descends from the Zeus banking trojan. A trojan horse is a program that looks like a safe application but does damage once it is installed, usually without the user's knowledge; unlike a virus, it does not spread by itself. Zeus-derived code evolved into Cridex, a banking trojan with worm-like self-replication and a backdoor that lets further malware onto the machine. Dridex is the next step in that line: the same banking-theft goal, now delivered through spam email.
Dridex reaches a PC inside a program or document that carries the trojan payload and that the user runs by mistake.
Common routes include:
- Plugging in infected removable drives.
- Email attachments.
- Peer-to-peer software sharing.
- Links to free, pirated software downloads.
- Accidental clicks on suspicious ads.
- Malicious websites built to drop the trojan.
Symptoms of Dridex Malware
The key symptoms of Dridex malware infection in a PC include:
- Registry modifications
Dridex adds new registry values (typically autorun entries, so that it survives a reboot) and alters existing ones. Over time the victim notices the computer behaving unusually.
- Abnormal network activities
Dridex uses the machine's network connection to reach its command-and-control infrastructure and download further malicious modules, so the victim may see unexplained network traffic and slower internet access.
- Slow computer
Programs that Dridex adds to the startup sequence make the computer boot more slowly.
- Change in browser settings
Dridex installs files that can change the browser's proxy settings. Traffic then passes through an attacker-controlled proxy, which slows browsing and can redirect the browser to unwanted websites, either in the active window or through pop-ups.
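The four symptoms above can be checked directly rather than waited for. The script below is an added example, not code from the original article or from Comodo: a read-only PowerShell triage that lists autorun registry values, startup items, the WinINet proxy and hosts-file settings, and established outbound connections mapped to their owning process, flagging the entries a responder would look at first. The "suspicious location" pattern and the browser process names are assumptions chosen for illustration; tune them for your environment.

```powershell
# Added example (not from the original article): read-only triage of the
# symptom areas discussed above on a Windows host. Run from an elevated prompt.
# Nothing is modified or removed; every function returns objects you can filter.

# Assumption: user-writable locations that droppers such as Dridex install into.
$SuspiciousPath = '\\(AppData|Temp|ProgramData|Users\\Public)\\'

function Get-AutorunEntries {
    # Symptom 1: registry modifications. Persistence is most often a Run/RunOnce value.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Properties Get-ItemProperty adds for its own bookkeeping, not registry values.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            [pscustomobject]@{
                Source     = $key
                Name       = $p.Name
                Command    = [string]$p.Value
                Suspicious = ([string]$p.Value) -match $SuspiciousPath
            }
        }
    }
}

function Get-StartupItems {
    # Symptom 3: unknown startup programs (Startup folders plus autorun keys, via WMI).
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{
            Source     = $_.Location
            Name       = $_.Name
            Command    = $_.Command
            Suspicious = $_.Command -match $SuspiciousPath
        }
    }
}

function Get-ProxyAndHostsChanges {
    # Symptom 4: browser proxy settings. A proxy or PAC URL you did not configure
    # lets the malware route or redirect browser traffic (a corporate proxy will
    # also show up here, so compare against what you expect).
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        Check      = 'WinINet proxy'
        Value      = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
        Suspicious = ($inet.ProxyEnable -eq 1) -or -not [string]::IsNullOrEmpty($inet.AutoConfigURL)
    }
    # Uncommented hosts-file entries can redirect bank domains to attacker servers.
    $hosts = Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S+' -and $_ -notmatch 'localhost' }
    [pscustomobject]@{
        Check      = 'hosts file'
        Value      = ($hosts -join '; ')
        Suspicious = @($hosts).Count -gt 0
    }
}

function Get-OutboundConnections {
    # Symptom 2: abnormal network activity. Map each established connection to its
    # process; Dridex runs inside browsers, so a browser talking on unusual ports
    # or any process running from a user-writable path deserves a second look.
    $browsers = @('chrome', 'firefox', 'iexplore', 'msedge')   # assumption: names to watch
    Get-NetTCPConnection -State Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $oddPort = $_.RemotePort -notin @(80, 443)
        [pscustomobject]@{
            Process    = $proc.ProcessName
            Path       = $proc.Path
            Remote     = "$($_.RemoteAddress):$($_.RemotePort)"
            Suspicious = ($proc.Path -match $SuspiciousPath) -or
                         (($proc.ProcessName -in $browsers) -and $oddPort)
        }
    }
}

# Print each section with the flagged rows first so the unusual entries stand out.
Get-AutorunEntries        | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
Get-StartupItems          | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
Get-ProxyAndHostsChanges  | Format-List
Get-OutboundConnections   | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

A flagged row is a lead, not a verdict: legitimate updaters also live under AppData and browsers do use ports other than 443. What matters is the combination, for example a browser process connecting to bare IP addresses on high ports while a freshly added Run value points into a Temp folder.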
How Does Dridex Malware Enter a PC?
In a Dridex campaign the victim receives an email carrying an Excel or Word attachment. The document contains a macro (or other embedded payload) that downloads the Dridex malware, which is built to harvest the victim's online banking details. The lure borrows the names of legitimate companies; many of the emails pose as an invoice from an online retailer, a bank or a software vendor.
Dridex is installed as soon as the victim opens the attachment and allows its content to run. Once installed, it lets the attacker:
- Execute, upload and download files.
- Download and run additional modules.
- Monitor network traffic.
- Take screenshots.
- Add the compromised computer to a botnet.
- Exchange configuration details with other infected machines over its peer-to-peer (P2P) protocol.
- Inject itself into the Chrome, Firefox and Internet Explorer processes to monitor browser sessions and steal data.
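Because the infection starts with the attachment, the most useful check is one that runs before the document is ever opened. The script below is an added example, not code from the original article or from Comodo: it tells a legacy binary Office file (an OLE2 compound file) from an Office Open XML file (a ZIP archive), looks for an embedded VBA project in either, and reports a verdict. The quarantine path is an assumption; the OLE check is a byte-level heuristic (searching for the UTF-16LE storage name "_VBA_PROJECT"), not a full parser.

```powershell
# Added example (not from the original article): inspect a saved e-mail
# attachment for embedded VBA macros before anyone opens it.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-OfficeAttachment {
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $hex = ''
    if ($bytes.Length -ge 8) {
        $hex = ($bytes[0..7] | ForEach-Object { '{0:X2}' -f $_ }) -join ''
    }

    # Legacy .doc/.xls files are OLE2 compound files (signature D0 CF 11 E0 A1 B1 1A E1);
    # .docx/.docm/.xlsx/.xlsm files are ZIP archives (signature 50 4B 03 04).
    $isOle   = $hex -eq 'D0CF11E0A1B11AE1'
    $isOoxml = $hex.StartsWith('504B0304')

    $vbaParts = @()
    if ($isOoxml) {
        # In OOXML the macros live in a vbaProject.bin part. Office only runs them
        # from macro-enabled extensions, so a .docx carrying one is itself odd.
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        try {
            $vbaParts = @($zip.Entries.FullName | Where-Object { $_ -match '(?i)vbaProject\.bin$' })
        } finally {
            $zip.Dispose()
        }
    }
    elseif ($isOle) {
        # Heuristic: OLE directory entries store names as UTF-16LE. A VBA project
        # always has a "_VBA_PROJECT" stream (Word, under the "Macros" storage) or a
        # "_VBA_PROJECT_CUR" storage (Excel). Directory sectors are 512-byte
        # aligned, so decoding the whole file as UTF-16LE keeps those names intact.
        $text = [System.Text.Encoding]::Unicode.GetString($bytes)
        if ($text.Contains('_VBA_PROJECT')) { $vbaParts = @('_VBA_PROJECT (OLE storage)') }
    }

    if (-not ($isOle -or $isOoxml)) {
        $container = 'unknown'
        $verdict   = 'Not an Office document; do not trust the file extension'
    }
    elseif ($vbaParts.Count -gt 0) {
        $container = if ($isOle) { 'OLE2 (legacy)' } else { 'OOXML (zip)' }
        $verdict   = 'Contains a VBA project; open only in a sandbox and never click "Enable Content"'
    }
    else {
        $container = if ($isOle) { 'OLE2 (legacy)' } else { 'OOXML (zip)' }
        $verdict   = 'No VBA project found (other active content such as OLE objects or DDE fields is not checked)'
    }

    [pscustomobject]@{
        Path      = $Path
        Extension = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()
        Container = $container
        VbaParts  = ($vbaParts -join ', ')
        Verdict   = $verdict
    }
}

# Assumed location of the saved attachment; save it from the mail client, do not open it.
Test-OfficeAttachment -Path 'C:\Quarantine\invoice.doc' | Format-List
```

A "No VBA project found" result does not make the file safe; it only rules out the delivery method this article describes. Treat a mismatch between extension and container (for example a .docx that is really an OLE2 file) as a reason to discard the attachment outright.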
How to Remove Dridex Malware
Dridex is hard to detect and remove by hand, but most antivirus products can do it. Scanning the computer with an antivirus such as Comodo Antivirus removes Dridex and the files it has infected. Because Dridex targets banking sessions, also change your online banking passwords from a device that is known to be clean and tell your bank that the machine was infected.
If your computer is infected with Dridex, install Comodo Antivirus to scan for and remove the threat. Comodo's antivirus comes with security features that set it apart in the IT security industry, and it is designed to protect against Dridex and other threats: viruses, adware, rootkits, backdoors, spyware, worms, zero-day threats and other malware.
Key Security Features Offered by Comodo Antivirus include:
- Default Deny Approach
Comodo's default-deny approach blocks every unknown file from running freely on the PC until it has proven itself harmless.
- Containment
Containment backs the default-deny approach by running unknown files in an isolated environment until they prove themselves harmless.
- Undoes suspicious changes that were recorded on the PC as a result of malicious activity.
- Marks particular files as trustworthy and grants them default access.
- Cloud-Based Behavior Analysis — Valkyrie
This cloud-based behaviour analysis system is designed to keep up with newly released malware.
- Host Intrusion Prevention System (HIPS)
HIPS monitors the PC's processes and blocks actions that match the behaviour of an attack, using a set of behaviour analysers.
Protect yourself from Dridex malware, and download Comodo Antivirus today!