Dridex malware delivered via emailed fake Amazon gift cards
Consumers in the United States and Western Europe are being targeted by an Amazon gift card scam. If fooled by the fake digital Amazon gift cards, the victim’s computer is infected with Dridex malware. Dridex steals bank account credentials as well as other sensitive data from the infected device.
The cybercriminals use three tactics to compromise the victim’s computer with Dridex. In all three techniques, the victim is tricked into downloading a harmful email attachment that infects their computer with the Dridex banking Trojan.
Shoppers are sent legitimate-looking emails claiming they have received a downloadable Amazon gift card from someone they know.
“Consumers have long been a favored target for cybercriminals, and the sharply increased volume of online shopping spurred by the COVID-19 pandemic have made consumer-focused attacks potentially even more attractive,” say cyber security researchers at the Cybereason Nocturnus Team.
What is Dridex Malware?
Dridex malware is a banking Trojan. When a device is compromised by Dridex, it sends all banking information discovered on the infected device – like bank account numbers and online banking login credentials – to servers controlled by the attackers. The attackers use the information to gain access to your bank account and steal money.
This banking Trojan has been in use for at least eight years and is the work of cybercriminals who go by the moniker Evil Corp. Dridex is commonly delivered via phishing emails that contain weaponized Microsoft Office email attachments.
“When carrying out such attacks, threat actors spend a great deal of time customizing the themes used to get the attention of an unsuspecting victim,” says Cybereason.
In October, Evil Corp crippled Garmin services with a WastedLocker ransomware attack. Garmin makes wearable trackers and other GPS devices for its fitness and navigation customers.
Amazon Gift Card Scam Delivery Methods
- Phishing email – In the first delivery tactic, the victim is sent a phishing email that contains a malicious Microsoft Word document. The Word document has the words “gift card” in its filename followed by some numbers. If the victim clicks on the MS Word document and has macros enabled, their device is infected with Dridex. However, most people have macros disabled by default because macros can be used by attackers to run computer code. To ensure delivery, the malicious Word document prompts the victim to “enable content”, which allows macros to run. A VBScript file is then executed which infects the device with malware.
- Screensaver – With the second delivery technique, the attackers send the victim a phishing email with an SCR file attachment. An SCR file is a screensaver file. This type of attachment is more likely to get past anti-malware apps and email filters that protect email accounts. The SCR extension email attachment has an Amazon gift card as part of the filename and uses an Amazon icon to help trick the victim. The SCR file can execute other computer code that infects the users’ devices. When the victim downloads the file to retrieve their fake gift card, their device is infected with Dridex malware.
- Malicious email link – In the third infection tactic there is no email attachment. Instead, the victim is tricked into clicking on a malicious link in the body of the email. If the victim is fooled and clicks on the link, it downloads VBScript files that run malware.
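The three delivery tactics above leave traces a mail filter can check for. The following is an added example, not code from Cybereason or from the original article: it scans one raw email for an SCR attachment, a Word attachment whose name contains "gift card" followed by digits, and links that point at VBScript files. The .doc/.docm and .vbs/.vbe extension lists, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Heuristics derived from the article's three tactics; extension lists are assumed.
GIFT_DOC = re.compile(r"gift[\s_-]*card.*\d.*\.(?:doc|docm)$", re.I)
SCRIPT_LINK = re.compile(r"https?://[^\s\"'<>]+\.(?:vbs|vbe)\b", re.I)

def triage(raw: str) -> list[str]:
    """Return findings for one raw RFC 5322 message (empty list = nothing flagged)."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            lower = name.lower().strip()
            if lower.endswith(".scr"):          # tactic 2: screensaver executable
                findings.append(f"screensaver attachment: {name}")
            elif GIFT_DOC.search(lower):        # tactic 1: "gift card" + numbers
                findings.append(f"gift-card Word attachment: {name}")
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True) or b""
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
            for url in SCRIPT_LINK.findall(text):   # tactic 3: link to a script
                findings.append(f"link to script file: {url}")
    return findings

def build_sample() -> str:
    """Constructed message (not a real sample) carrying all three lures."""
    m = EmailMessage()
    m["Subject"] = "You received an Amazon gift card"
    m.set_content("Claim it: http://files.example.test/card/claim.vbs today")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream",
                     filename="Amazon_Gift_Card.scr")
    m.add_attachment(b"x", maintype="application", subtype="msword",
                     filename="Gift Card 48213.doc")
    m.add_attachment(b"x", maintype="application", subtype="pdf",
                     filename="invoice.pdf")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Filename and extension checks like these are easy for an attacker to change, so they complement attachment scanning rather than replace it.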
How to Protect Yourself from a Gift Card Scam
Cyber criminals commonly send emails disguised as notifications from major brands that everybody knows. Attackers can also send emails that appear to be from someone in your address book. In reality, the email is sent from elsewhere and is cleverly disguised.
- Never click on links in any unsolicited emails – this includes gift cards, password reset requests, or any other type of notification.
- Never download an email attachment if you weren’t expecting something to be sent to you.
- Be especially suspicious of any email that urges you to act quickly. For example, an email telling you that you must click on a link or download an attachment within two hours or face a financial penalty. Cyber criminals count on you acting without thinking or scrutinizing the contents of the email. This way they can infect as many devices as quickly as possible.
- Use a reliable email scanner app and an anti-virus app to help protect your phones, laptops, tablets, and computers. The security app will screen emails and websites for harmful email attachments, malicious links, and websites that steal your money and passwords.