Security researchers from the firm Seculert have discovered a variant of the Cridex banking worm, dubbed Geodo, which spreads itself through email.
In recent months a significant number of banking trojans have emerged from the cybercriminal ecosystem; from EMOTET to Dyreza, criminals have used a wide variety of techniques to deceive bank customers.
“The C&C provides the malware with a batch of 20 targeted email addresses. The malware is also given a from address, subject line, and email body text unique to this particular batch of emails. Once the malware has run through the batch, it is provided with a new batch of 20 emails. And with each new batch of emails the C&C also sends a new from address, subject line, and body.”
“The emails we have seen, written in German, contain a link prompting the recipient to download a zip file which contains an executable disguised as a PDF document,” and “By opening the file, Geodo [new version of Cridex] is installed on the newly infected endpoint, adding a new bot to the mix,” states Seculert in the blog post.
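Two defender-side checks follow from the two quoted paragraphs: the batching behaviour (20 recipients per C&C task, then a new From/Subject) leaves a recognisable pattern in outbound mail logs, and the lure (an executable inside a zip, named to look like a PDF) can be caught by looking at the member's bytes rather than its name. The script below is an added example, not code from Seculert or from the Geodo analysis; the gateway log format, the host names and the sample attachment are all constructed for illustration.

```python
"""Added example: two checks for the Geodo behaviour described above."""
import io
import re
import zipfile
from collections import defaultdict

# ---- 1. Batch-sending pattern in outbound mail logs -------------------------
# Hypothetical gateway log format (constructed, not a real product's format):
#   <timestamp> host=<endpoint> from=<sender> to=<recipient> subject=<subject>
LOG_RE = re.compile(r"host=(\S+) from=(\S+) to=(\S+) subject=(.*)$")

# Constructed sample: an infected endpoint PC-17 works through two C&C batches of
# 20 recipients, each batch with its own From and Subject; PC-03 is normal traffic.
LOG_LINES = (
    [f"2014-07-01T10:00:{i:02d} host=PC-17 from=buchhaltung@example.invalid "
     f"to=user{i}@example.invalid subject=Rechnung" for i in range(20)]
    + [f"2014-07-01T10:01:{i:02d} host=PC-17 from=service@example.invalid "
       f"to=kunde{i}@example.invalid subject=Mahnung" for i in range(20)]
    + ["2014-07-01T10:02:00 host=PC-03 from=alice@example.invalid "
       "to=bob@example.invalid subject=Lunch"]
)


def find_batch_senders(lines, batch_size=20):
    """Group outbound mail by (host, from, subject) and report groups that reach a
    full batch of distinct recipients. Returns {host: [(from, subject, n), ...]}."""
    recipients = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that do not match the expected format
        host, sender, rcpt, subject = m.groups()
        recipients[(host, sender, subject)].add(rcpt)
    hits = defaultdict(list)
    for (host, sender, subject), rcpts in sorted(recipients.items()):
        if len(rcpts) >= batch_size:
            hits[host].append((sender, subject, len(rcpts)))
    return dict(hits)


def rotating_batch_hosts(lines, batch_size=20, min_batches=2):
    """Hosts that sent at least `min_batches` full batches, each under a different
    From/Subject pair: the rotation the quoted C&C description implies."""
    hits = find_batch_senders(lines, batch_size)
    return sorted(h for h, batches in hits.items()
                  if len({(s, subj) for s, subj, _ in batches}) >= min_batches)


# ---- 2. Executable disguised as a PDF inside a zip attachment ---------------
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}


def build_sample_zip():
    """Constructed attachment: a PE file named like a PDF, a real PDF, a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)  # PE magic
        zf.writestr("Rechnung_echt.pdf", b"%PDF-1.4\n%...\n")
        zf.writestr("readme.txt", b"nur Text\n")
    return buf.getvalue()


def inspect_zip(zip_bytes):
    """Map suspicious member names to reasons: 'pe_magic' when the content starts
    with the Windows executable header 'MZ' (whatever the name claims), and
    'double_extension' for names like Rechnung.pdf.exe."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)
            reasons = []
            if head == b"MZ":
                reasons.append("pe_magic")
            parts = info.filename.lower().rsplit(".", 2)
            if len(parts) == 3 and parts[1] in DOC_EXTS and parts[2] in EXEC_EXTS:
                reasons.append("double_extension")
            if reasons:
                findings[info.filename] = reasons
    return findings


if __name__ == "__main__":
    print("batch senders:", find_batch_senders(LOG_LINES))
    print("rotating hosts:", rotating_batch_hosts(LOG_LINES))
    print("zip findings:", inspect_zip(build_sample_zip()))
```

The batch threshold of 20 comes straight from the quoted description; in a real deployment the value and the time window would be tuned to the gateway's own logs. The content check deliberately ignores the file name first and looks at the bytes, because a renamed executable keeps its `MZ` header regardless of what the lure calls it.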