{"id":46371,"date":"2021-11-04T12:32:25","date_gmt":"2021-11-04T08:32:25","guid":{"rendered":"https:\/\/techxmedia.com\/?p=46371"},"modified":"2025-04-16T15:49:21","modified_gmt":"2025-04-16T11:49:21","slug":"ta575-distributes-dridex-malware-using-squid-game-lures","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/ta575-distributes-dridex-malware-using-squid-game-lures\/","title":{"rendered":"TA575 distributes Dridex malware using &#8216;Squid Game&#8217; Lures"},"content":{"rendered":"\n<p>The prolific cybercrime actor TA575 has used Squid Game lures to distribute Dridex malware, according to <a href=\"https:\/\/techxmedia.com\/tag\/proofpoint\/\">Proofpoint<\/a>. The threat actor poses as Netflix-related companies, sending emails that invite targets to receive early access to a new season of Squid Game or to take part in the show's casting process.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"460\" src=\"https:\/\/techxmedia.com\/wp-content\/uploads\/2021\/11\/ins-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg\" alt=\"ins - TA575 - Dridex malware -Squid Game Lures - techxmedia\" class=\"wp-image-46379\" srcset=\"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg 800w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-300x173.jpg 300w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-768x442.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>On October 27, 2021, Proofpoint observed thousands of emails targeting all industries, particularly in the United States. 
Subjects in the emails included:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Squid Game is back, watch new season before anyone else.<\/li><li>Invite for Customer to access the new sesason.[sic]<\/li><li>Squid game new season commercials casting preview<\/li><li>Squid game scheduled season commercials talent cast schedule<\/li><\/ul>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile\" style=\"grid-template-columns:23% auto\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/techxmedia.com\/wp-content\/uploads\/2021\/11\/Emile-Abou-Saleh-Proofpoint-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg\" alt=\"Emile Abou Saleh - Proofpoint - TA575 - Dridex malware -Squid Game Lures - techxmedia\" class=\"wp-image-46378 size-full\" srcset=\"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/Emile-Abou-Saleh-Proofpoint-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg 500w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/Emile-Abou-Saleh-Proofpoint-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-300x300.jpg 300w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/Emile-Abou-Saleh-Proofpoint-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-150x150.jpg 150w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>&#8220;Threat actors worldwide are continuing to target people with agile and relevant attacks. 
At Proofpoint, we see 94% of cyberattacks starting via email, and more than 99% of those requiring human interaction to activate and enable the attack,&#8221; said Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint.<\/p>\n<\/div><\/div>\n\n\n\n<p>He added, &#8220;In addition, Proofpoint&#8217;s recent regional research found that 70% of CISOs\/CSOs in the UAE believe that human error was one of the biggest risk factors for their organization. As these threats grow in scope and sophistication, it is critical that organizations and people alike shore up their defenses against email fraud by adopting <a href=\"https:\/\/techxmedia.com\/tag\/cybersecurity-2\/\">cybersecurity<\/a> software to protect themselves from threat actors. Companies need to remain alert and foster a strong security culture through effective and ongoing security awareness training,&#8221; he concluded.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"460\" src=\"https:\/\/techxmedia.com\/wp-content\/uploads\/2021\/11\/ins2-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg\" alt=\"ins2- TA575 - Dridex malware -Squid Game Lures - techxmedia\" class=\"wp-image-46380\" srcset=\"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins2-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg 800w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins2-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-300x173.jpg 300w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins2-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-768x442.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>The emails instruct the recipient either to fill out an attached document to receive early access to the show&#8217;s upcoming season or to complete a talent form to be considered for background casting. 
The attachments are Excel spreadsheets that, if activated, download the Dridex banking Trojan (affiliate ID &#8220;22203&#8221;) from Discord URLs. Dridex is a widely circulated banking Trojan that can lead to data theft and to the installation of follow-on payloads such as <a href=\"https:\/\/techxmedia.com\/tag\/ransomware\/\">ransomware<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"460\" src=\"https:\/\/techxmedia.com\/wp-content\/uploads\/2021\/11\/ins1-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg\" alt=\"ins1 - TA575 - Dridex malware -Squid Game Lures - techxmedia\" class=\"wp-image-46381\" srcset=\"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins1-TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg 800w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins1-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-300x173.jpg 300w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/ins1-TA575-Dridex-malware-Squid-Game-Lures-techxmedia-768x442.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>Proofpoint has tracked TA575 as a Dridex affiliate since late 2020. The group uses malicious URLs, Microsoft Office attachments, and password-protected files to spread malware. TA575 sends thousands of emails per campaign, affecting hundreds of organizations on average. TA575 also hosts and distributes Dridex via the Discord content delivery network (CDN). Cybercriminals are increasingly using Discord, a messaging platform with consumer and commercial applications, as a malware hosting service.<\/p>\n\n\n\n<p>Invoicing and payments are common TA575 subjects, but the group also incorporates popular news, events, and cultural references. Squid Game has become a popular lure theme for cybercriminal threat actors in general. 
This makes sense: because Squid Game is <a href=\"https:\/\/techxmedia.com\/tag\/netflix\/\">Netflix&#8217;<\/a>s &#8220;largest ever&#8221; series, the number of people who might unwittingly interact with malicious content linked to it is larger than for a generic lure subject. TA575 presumably expects the offer to take part in the upcoming season to tempt more users to open the malicious Microsoft Excel file.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The emails instruct the recipient to either fill out an attached document to receive early access to the show&#8217;s upcoming season or a talent form to be considered for background casting.<\/p>\n","protected":false},"author":8,"featured_media":46377,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9619],"tags":[771,489,1222,801],"contributor":[9732],"class_list":["post-46371","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-top-stories","tag-malware","tag-netflix","tag-proofpoint","tag-ransomware","contributor-news-desk"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2021\/11\/TA575-Dridex-malware-Squid-Game-Lures-techxmedia.jpg","author_info":{"display_name":"Rabab","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/46371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=46371"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/46371\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/46377"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=46371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=46371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=46371"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=46371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}