New Squid Game Malware
Malware Phishing

Jhonti Todd-Simpson

You can also watch this video on LBRY

  • Malware using the hit Netflix show 'Squid Game' as a lure has been spotted by Proofpoint
  • The phishing campaign uses the promise of early access to season 2 to convince users to download a malicious Excel document
  • The spreadsheet contains a macro which, when run, downloads the Dridex malware
  • Dridex is a banking logon stealer

The Plot

The emails use the bait of early access to Squid Game season 2, tricking users into thinking they need to download and fill out a form. The form, an Excel spreadsheet, contains a malicious macro which, when run, downloads the prolific Dridex banking trojan.

Source: https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware

An alternate variation of this email instead claims the victim has been selected to apply to be in season 2 of Squid Game.

Upon opening the attached Excel document, the user is prompted to enable macros.
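Because the whole chain depends on an Excel attachment that carries a macro, a mail filter can flag such attachments before a user ever sees the "enable macros" prompt. The following is an added example, not code from this post or from Proofpoint: the function names, file names and sample message are constructed for illustration, and the legacy-format check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .xls container

def macro_indicators(data: bytes) -> list[str]:
    """Return reasons an attachment's bytes look like a macro-bearing workbook."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        if "_VBA_PROJECT".encode("utf-16-le") in data:  # storage names are UTF-16LE
            reasons.append("OLE2 workbook with a VBA storage name (heuristic)")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        names = [n.lower() for n in zipfile.ZipFile(io.BytesIO(data)).namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            reasons.append("OOXML workbook with vbaProject.bin")
        if any(n.startswith("xl/macrosheets/") for n in names):
            reasons.append("OOXML workbook with Excel 4.0 macro sheet")
    return reasons

def triage(raw_email: bytes) -> dict[str, list[str]]:
    """Map attachment filename -> macro indicators, for attachments that have any."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        reasons = macro_indicators(part.get_payload(decode=True) or b"")
        if reasons:
            flagged[part.get_filename() or "<unnamed>"] = reasons
    return flagged

def make_workbook(members: list[str]) -> bytes:
    """Constructed stand-in for a workbook: a ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

def sample_email() -> bytes:
    """Constructed message: one macro-enabled attachment, one clean one."""
    msg = EmailMessage()
    msg.set_content("Please fill out the attached form.")
    kw = dict(maintype="application", subtype="octet-stream")
    msg.add_attachment(make_workbook(["xl/workbook.xml", "xl/vbaProject.bin"]), filename="form.xlsm", **kw)
    msg.add_attachment(make_workbook(["xl/workbook.xml"]), filename="clean.xlsx", **kw)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_email()))
```

The check keys on file content rather than the extension, so a macro-enabled workbook renamed to `.xlsx` is still flagged.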

What is Dridex?

As Proofpoint explains, "Dridex is a prolific banking trojan distributed by multiple affiliates that can lead to data theft and installation of follow-on malware such as ransomware." Dridex first appeared in 2011. Since then, two members of the group responsible for its creation have been charged by the US, but have not actually been caught.

Dridex continues the trend of malware being run as an affiliate program: the developers hire other criminals as affiliates, who spread the malware in exchange for a hefty cut of the proceeds, up to 80%.