- Malware using the hit Netflix show 'Squid Game' as a lure has been spotted by Proofpoint
- The phishing campaign uses the promise of early access to season 2 to convince users to download a malicious Excel document
- The spreadsheet contains a macro which, when run, downloads the Dridex malware
- Dridex is a banking logon stealer
The email uses the bait of early access to Squid Game season 2, tricking users into thinking they need to download and fill out a form. The form, an Excel spreadsheet, contains a malicious macro which, when run, downloads the prolific Dridex banking trojan.
An alternate variation of this email instead claims the victim has been selected to apply to be in season 2 of Squid Game.
Upon opening the attached Excel document, the user is prompted to enable macros.
What is Dridex?
As Proofpoint explains, "Dridex is a prolific banking trojan distributed by multiple affiliates that can lead to data theft and installation of follow-on malware such as ransomware." Dridex first appeared in 2011. Since then, two members of the group responsible for its creation have been charged by the US, but have not actually been caught.
Dridex continues the trend of malware being run as an affiliate program: the developers hire other criminals as affiliates, who spread the malware in exchange for a hefty cut of the proceeds, up to 80%.