Creative criminals are using the success of the Netflix series Squid Game to spread new malware.

New series, new malware

It's called Dridex, and it is malware spread online by the criminal group TA575, which is exploiting the popularity of the famous Netflix series. Proofpoint researchers have reportedly identified e-mails, sent mainly to the American public, that anticipate the release of the new season of Squid Game and install malware on the victim's device. The malware not only steals personal data but could also install ransomware.

In the e-mails, which contain phrases such as "Squid Game is back" or "watch the new season", the user is invited to fill in a form or an Excel file to get preview access to the new season of the series, but this actually installs the computer virus. This is certainly not the first time that cybercriminals have exploited the famous TV series broadcast by Netflix, or other trending news capable of attracting the public's interest, including that of people who naively fall into the trap.

The TA575 group has been monitored by Proofpoint experts since last year. Its modus operandi is to spread malware through URLs or attached Office documents.

Dridex is among the most widespread malware in Italy

The Dridex malware was among the most widespread in Italy in 2020, even though it is not actually new: it is an update of malware that has been around since 2011. It has proved very insidious because it targets Windows platforms and is sent as an attachment in targeted e-mail campaigns. At first it stole banking logins and sent them to the hacker's server; today it is mostly used for ransomware-type attacks.

Not just emails but infected apps as well

Hackers' creativity hasn't stopped at e-mails; it has already extended to apps. In particular, apps containing malware related to Squid Game have been found. Because of the popularity of the series, hundreds of unofficial apps appeared in a very short time, including some created specifically to spread computer viruses. Of course, Google noticed and the apps in question have been removed, but in the meantime 5 thousand people had already downloaded them.

How to defend yourself

To protect yourself, it is always good to follow some simple but effective rules. Be wary of e-mails from unknown senders and avoid downloading attachments of any kind. If in doubt, an online search is enough to find out whether that e-mail has been reported as dangerous. Also, always check the sender's e-mail address, because a fraudulent one won't have the official domain.
As for apps, the advice is similar. Always be wary of unofficial ones.
