Online shoppers in the U.S and Western Europe are targeted by delivering fake Amazon gift cards by Dridex malware gang.
COVID-19 pandemic has changed the shopping behaviour of consumers. The pandemic has made the greatest shift towards a more digital world where people shop online more frequently.
According to the cybersecurity firm Cybereason, the attackers send a phishing email stating the recipient has received a free Amazon gift certificate. The email urges the user to download or link to the $100 gift card that users must redeem by clicking on a phishing email button.
When clicked, the malicious Word Documents are downloaded with names similar to `Amaxon_Gift_Card, ’ `Order_Gift_Cart, ’ and `Amazom_eGift-Card.’
“When opened, the attachments will state that they were created in an online version of Microsoft Office and prompt the recipient to click on the ‘Enable Content’ button. Doing so, though, will execute malicious macros that download and install the Dridex malware, and possibly other payloads, on the victim’s computer, ” reported BleepingComputer.
Cybereason researchers state that the attackers have targeted thousands of victims in the U.S and Western European countries, where Amazon is a typical shopping destination and has local websites.
Dridex is a modular banking trojan that has been active since 2012 and is known to give the BitPaymer, and DoppelPaymer threat actors access to compromised networks to deploy their ransomware.
Dridex can perform various malicious functions including logging keystrokes, stealing login information, capturing screenshots.
Never open emails pretending to be gift cards and persuading you to download and open Word documents. In order to confirm if an eGift card is valid, contact the sender through phone and enquire. Never contact through email.