Dridex is a Trojan that’s been commonplace in email inboxes for the past few years and is one of the top three pieces of phishing malware in terms of utilization. Authorities have been looking to shut it down for some time and in 2015 even managed to catch someone who may be responsible for it — but the Trojan is still out there, causing damage.
Except it’s doing a lot less of it now, as whoever was behind the white-hat hack was able to crack into the Dridex distribution servers and replace the malicious files with a full installer of the latest version of Avira anti-virus. Now when some are infected, instead of having their keystrokes recorded and their banking searches injected with malicious code, they get an anti-virus install.
Of course there is still a chance that this is all a ruse. Avira isn’t behind the move, so some have suggested that the files being sent out are still malicious in nature, but are at this time just attempting to trick people into trusting Avira or being less careful with what they install.
“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira (via PCWorld). “This is certainly not something we are doing ourselves.”
If this is the case of a white-hat hacker doing a good deed though, it’s difficult not to wish them well. In the world of anti-cyber-crime, we need all the help we can get.
