TA575 criminal group using 'Squid Game' lures for Dridex malware

Cybersecurity firm Proofpoint has found evidence of a prolific cybercrime group using the popularity of Netflix hit “Squid Game” to spread the Dridex malware. 

In a blog post, Proofpoint said TA575 — a “large cybercrime actor” — has sent emails pretending to be someone working on the show, urging people to download malicious attachments or fill out forms with sensitive information. 

The emails come with subject lines saying things like: “Squid Game is back, watch new season before anyone else,” “Invite for Customer to access the new season,” “Squid game new season commercials casting preview,” and “Squid game scheduled season commercials talent cast schedule.”

Proofpoint said it found thousands of emails using the lures that targeted a variety of industries in the US. Some of the emails try to lure victims in by saying they could be in the show if they download a document and fill it out. 


“The attachments are Excel documents with macros that, if enabled, will download the Dridex banking trojan affiliate id ‘22203’ from Discord URLs,” Proofpoint researchers Axel F and Selena Larson wrote. 
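The detection pattern the article describes (a themed lure subject, a macro-carrying Excel attachment, and VBA that references a Discord attachment URL) can be turned into a simple mail-gateway triage rule. The code below is an added illustration, not Proofpoint's detection logic or anything from the campaign; the sample messages and the Discord URL in them are constructed, and it assumes the VBA source has already been extracted from the attachment by a tool such as olevba from oletools.

```python
import re
from dataclasses import dataclass, field

# Subject fragments taken from the lure subject lines quoted in the article.
LURE_SUBJECT_TERMS = ("squid game", "new season", "casting", "talent cast")
# Excel formats that can carry VBA macros (.xlsx cannot).
MACRO_EXCEL_EXTS = (".xls", ".xlsm", ".xlam", ".xlsb")
# Discord attachment/CDN links, the download location the article describes.
DISCORD_URL_RE = re.compile(
    r"https?://(?:cdn\.|media\.)?discord(?:app)?\.com/attachments/[^\s\"']+", re.I
)


@dataclass
class Attachment:
    filename: str
    macro_text: str = ""  # VBA source as extracted by olevba; "" when the file has no macros


@dataclass
class Message:
    subject: str
    attachments: list = field(default_factory=list)


def discord_urls(macro_text: str) -> list:
    """Return Discord attachment URLs referenced in VBA source (handy as IoCs)."""
    return DISCORD_URL_RE.findall(macro_text)


def triage(msg: Message):
    """Score a message and return (verdict, score, reasons)."""
    score, reasons = 0, []
    subject = msg.subject.lower()
    if any(term in subject for term in LURE_SUBJECT_TERMS):
        score += 1
        reasons.append("subject matches Squid Game lure wording")
    for att in msg.attachments:
        if not att.filename.lower().endswith(MACRO_EXCEL_EXTS):
            continue
        if att.macro_text:
            score += 2
            reasons.append(f"{att.filename}: macro-enabled Excel attachment")
            urls = discord_urls(att.macro_text)
            if urls:
                score += 3
                reasons.append(f"{att.filename}: macro references Discord URL(s): {', '.join(urls)}")
    # Thresholds are an assumption for this example: Discord-fetching macros
    # go straight to quarantine, other macro attachments get detonated first.
    if score >= 5:
        verdict = "quarantine"
    elif score >= 2:
        verdict = "sandbox"
    else:
        verdict = "deliver"
    return verdict, score, reasons


# Constructed sample messages (not real campaign artefacts).
CONSTRUCTED_MACRO = (
    'Dim u As String\n'
    'u = "https://cdn.discordapp.com/attachments/000000/000000/EXAMPLE.bin"\n'
)
SAMPLE_LURE = Message(
    subject="Squid Game is back, watch new season before anyone else",
    attachments=[Attachment("casting_form.xlsm", CONSTRUCTED_MACRO)],
)
SAMPLE_MACRO_ONLY = Message(
    subject="Invoice for October",
    attachments=[Attachment("invoice.xlsm", 'Sub Auto_Open()\nMsgBox "hi"\nEnd Sub\n')],
)
SAMPLE_BENIGN = Message(
    subject="Q3 budget review",
    attachments=[Attachment("budget.xlsx")],
)

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_MACRO_ONLY, SAMPLE_BENIGN):
        verdict, score, reasons = triage(sample)
        print(f"{sample.subject!r}: {verdict} (score {score})")
        for r in reasons:
            print("  -", r)
```

The scoring is deliberately layered so that the lure wording alone never blocks mail (subject lines change from campaign to campaign), while the combination that actually delivers the payload, a macro-enabled workbook whose VBA pulls from a Discord attachment URL, is enough on its own. The URLs returned by `discord_urls` are the values worth forwarding to blocklists and the SOC.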

Sherrod DeGrippo, vice president of threat detection and response at Proofpoint, told ZDNet that Dridex is a banking trojan used to siphon money directly

Read More: https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/#ftag=RSSbaffb68