Dridex Returns To Target MacOS With Updated Techniques


  • ransom-4


Threat actors have been seen targeting Mac users with the Dridex malware.

Although the malware is not new, this variant appears to still be under development as the final payload was an executable.

The initial file analyzed arrived as a Mach-o executable that performed discovery routines and writes malicious code to files with a doc extension.

The malware continues the malicious activity by enabling macros and retrieving additional payloads from decrypted URLS.

The current impact to MacOS users is minimal due to the payload file extension, however it may prove to be effective upon further development.

SkyWatchSM Alert Legend

  • small-bell


  • active-threat0-lt-green

    Active Threat

  • malware-lt-green


  • ransome-lt-green


  • warning-green


  • file-green


Glesec Information Sharing Protocol

GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).

  • TLP-White

    Disclosure is Not Limited.

  • TLP-Green

    Limited Disclosure, Restricted Only to the Community.

  • TLP-Amber

    Limited Disclosure, restricted to the Participant's Organization.

  • TLP-Red

    Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.

Discover Glesec.

Authority. Consistency.

Sign-up today for SkywatchSM Alerts.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.