Squid Game Phishing Used to Spread Malware - Threatwire
Added 2021-11-02 23:15:10 +0000 UTC. By Shannon Morse, ThreatWire
Just as Halloween hit, security research firm Proofpoint identified a threat group called TA575 as the actors behind a new campaign spreading the Dridex malware. And what is this group using as bait? Squid Game.
The attackers pretend to be from Netflix and send emails promising users early access to the next season of Squid Game, or a chance to be recruited as part of the cast. The emails promise you can “watch the season before anyone else!” or get access to the “new season with talent cast schedule”. In either case, the target is asked to fill out an attached document, which is actually an Excel document carrying macros; if the macros are enabled, they download the Dridex banking trojan. That trojan can steal data or download additional malware, such as ransomware, onto the target machine.
Proofpoint notes that it has been tracking TA575 as a Dridex affiliate since late 2020, and that the group sends thousands of emails reaching hundreds of organizations per campaign. TA575 also uses the Discord CDN to host and distribute Dridex.
Proofpoint included several indicators of compromise for these attacks on their blog post.
Kaspersky also found several dozen malicious files scattered across the web that used Squid Game to lure unsuspecting targets with themed scams and malware. Many of these are trojan downloaders that install further malware. One showed an animated version of the first game while a trojan capable of stealing browser data was downloaded in the background. Kaspersky has also seen digital versions of the games online that promise cryptocurrency prizes, but in reality, when a user signs up to play, they hand over personal data that could result in identity theft or malware infection. Kaspersky recommends looking for misspelled words, double-checking URLs, checking for HTTPS connections, and, if looking to download a video, not downloading a file that ends in .exe, .pkg, .dmg, or .msi.
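Both lures described above come down to the same two triage questions a mail gateway or help desk can answer mechanically: does the "spreadsheet" actually carry a macro project, and does the "video" actually have an executable extension? The following is an added example (not code from Proofpoint, Kaspersky, or the ThreatWire story) showing how a defender can check both. It relies on one documented fact about the Office Open XML format: an .xlsx/.xlsm workbook is a zip archive, and macros live in the part `xl/vbaProject.bin`. Legacy binary .xls files are OLE containers rather than zips and are not covered here; the sample workbooks and filenames are constructed for the demonstration.

```python
import io
import zipfile
from urllib.parse import urlparse

# Extensions Kaspersky warns against when a "video" download is offered.
EXECUTABLE_EXTENSIONS = {".exe", ".pkg", ".dmg", ".msi"}


def is_disguised_executable(filename):
    """True when the final extension is an installer/executable, so that
    'episode1.mp4.exe' or 'SquidGame.MSI' is caught (case-insensitive).
    Only the last extension matters: that is what the OS will run."""
    name = filename.strip().lower()
    dot = name.rfind(".")
    if dot == -1:
        return False
    return name[dot:] in EXECUTABLE_EXTENSIONS


def ooxml_has_vba(data):
    """Office Open XML workbooks are zip archives; a VBA project is stored
    as xl/vbaProject.bin. Its presence means the file carries macros,
    regardless of the extension it was sent with. Non-zip input (legacy
    .xls, a raw PE file, random bytes) is reported as 'no macros found',
    which is why this check is a triage aid rather than a verdict."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.lower().endswith("vbaproject.bin") for n in names)


def url_uses_https(url):
    """Kaspersky's 'check for HTTPS' advice as a predicate: scheme must be
    https and a host must be present."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def triage_attachment(filename, data):
    """Return a list of human-readable findings for one attachment."""
    findings = []
    if is_disguised_executable(filename):
        findings.append("executable/installer extension (.exe/.pkg/.dmg/.msi)")
    if ooxml_has_vba(data):
        findings.append("Office document contains a VBA project (macros)")
    return findings


def build_fake_workbook(with_macros):
    """Constructed sample: the minimal zip layout of an .xlsx/.xlsm, used
    here only so the example runs offline. The VBA part is a placeholder,
    not a real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"\x00constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments mirroring the two lure styles in the story.
    samples = {
        "Squid_Game_Season2_Schedule.xlsm": build_fake_workbook(True),
        "Quarterly_Report.xlsx": build_fake_workbook(False),
        "SquidGame_Episode1.mp4.exe": b"MZ",  # constructed, not a real binary
    }
    for name, blob in samples.items():
        print(name, "->", triage_attachment(name, blob) or ["no findings"])
    print("https check:", url_uses_https("https://www.netflix.com/"))
```

The zip inspection is deliberately cheap and offline: it never opens the workbook in Excel and never executes anything, so it is safe to run over quarantined mail. A file that fails the zip check is not cleared, only unclassified; route those to a sandbox or an OLE-aware parser rather than releasing them.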
Squid Game:
https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware
https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/
https://www.techrepublic.com/article/you-definitely-dont-want-to-play-squid-game-themed-malware-is-here/
https://www.cnet.com/tech/services-and-software/researchers-spot-dangerous-squid-game-themed-phishing-emails/