CYBERBIT uncovers Dridex malware persistency and stealth mechanism

Elbit 2CYBERBIT, Israel-based Elbit Systems’ wholly-owned subsidiary, announced on January 25 that it uncovered for the first time, the Dridex malware’s advanced and sophisticated persistency mechanism, allowing organizations to detect and remove the malware.

The unique analysis was revealed by CYBERBIT’s dedicated malware research expert team, who managed to conduct a detailed dynamic behavioral analysis of the Dridex malware, fully revealing its infection process and persistency mechanism. Part of Dridex’ robustness is attributed to its ability to constantly generate new variants for each attack, thus going undetected under AV engines. CYBERBIT’s malware research team, a group of specialists who analyze malwares and security threats in order to enrich CYBERBIT’s analyses methods and algorithms, managed to reveal Dridex’ persistency mechanism, which allows it to remain uncovered and undetected due to its unique mode of operation.

Since its appearance in late 2014, Dridex has been one of the most notable malware threats, designed to steal personal banking information and credentials mostly from small and medium-sized organizations. Dridex malware attacks are said to be responsible for the theft of over $50 million, out of which $30 million was stolen from UK accounts alone. The criminal forces behind Dridex are believed to have links to similar cybercrime gangs.  CYBERBIT suspects that such criminal organizations experience from previous activities are those that allow Dridex authors and affiliates to keep their infrastructure alive and to stay active and dangerous.

Source: Elbit Systems Ltd.