Dridex, a year of online fraud

Dridex is a Trojan with multiple functions. Its activity centers mainly on stealing users' banking data through web sites or "web-injects". However, it has also been used for other, less obvious purposes, such as stealing documents in sensitive sectors including government networks, hospital environments, universities, legal services, copyright management entities and aeronautical companies.


With 195 countries affected and over 344,721 infected computers, according to data collected by S21sec, Dridex has focused mainly on the UK (circa 115,000 infections), France (over 62,000 infections), the U.S. (about 25,000 infections) and, latterly, Spain (just under 6,000 infections).

Some tips to avoid Dridex are the following:

  • Delete any suspicious-looking emails, especially if they have links and/or attachments. Don’t even open them, just delete them. If they pretend to come from legitimate organizations, verify with the organization in question first.
  • Install an antimalware solution that also covers email in its protective scope. This should remove the chance of accidentally opening malicious email/malicious attachments in the first place.
  • In case of a Dridex infection, immediately change online banking account passwords via a different (and hopefully uninfected) system, and touch base with the bank to alert them to any fraudulent transactions taking place. Users should do the same for any account that they may have accessed using their infected system.