Dridex malware developers launched a new spam campaign today, sending targeted users emails purporting to be from IKEA, reports Heimdal Security.
Dridex was first spotted late last year in a spam campaign that generated as many as 15,000 phishing emails a day. Predominantly targeting UK users, the malware strain has also spread across Europe and other countries beyond the continent.
The FBI dealt a blow to the malware operation earlier this month, but the malware strain has still been spotted in the wild since the takedown.
The email contains a receipt that could potentially trick even eagle-eyed readers who would otherwise spot a spam or phishing campaign.
The spam message is even crafted to come from the address “DoNotReply @ ikea.com,” according to the Heimdal researchers who discovered the malicious spam campaign. The researchers note that email servers not configured with the security best practices expected of a company with a large customer base have likely allowed the malware authors to use the seemingly legitimate email address.
Once a targeted victim falls for the embedded attachment within the receipt email, things predictably take a turn for the worse, quickly.
Unsurprisingly, Dridex primarily targets banks as part of the latest campaign. The malware also passes nearly every antivirus definition check available and in use by most end users; tests show the uniquely coded strain predominantly avoids detection.
A recent check on the antivirus scanning service VirusTotal shows the Dridex strain flagged as malware by only 3 out of 54 engines.
Heimdal Security tells Hacked that IKEA has been notified of the vulnerable and improperly configured email servers, but changes to improve its cybersecurity measures haven’t been implemented.