Dridex Phishing Campaign

The NJCCIC has detected a phishing campaign targeting New Jersey State employees and users around the country that intends to install the Dridex  banking trojan onto targeted systems. Recent subject lines associated with this campaign begin with words such as “Payment,” “Inv,” “Acknowledge,” and “Account,” followed by varying letter/number combinations. These emails contain Microsoft Word document attachments that when opened and if macros are enabled, downloads the Dridex trojan. Banking trojans are used by threat actors to obtain login credentials for financial and other sensitive accounts. The NJCCIC recommends educating end users about this and similar threats and reminding them never to click on links or open attachments delivered with unexpected or unsolicited emails. Additionally, if end users have received and taken action on these emails, isolate the affected systems from the network and perform a full system scan using a reputable anti-virus/anti-malware solution. Proactively monitor and change passwords to any financial, personal, or business accounts accessed on infected systems and enable multi-factor authentication where available.