
Unknown hacker infects malware with anti-virus program

How does that old expression go? If you can’t beat them, join them? Although perhaps the best outcome is when you can beat them by joining them. That’s what one unnamed white-hat hacker did in the case of the Dridex online banking Trojan virus. Unsuspecting victims of that nasty piece of malware have found themselves with a brand new anti-virus install instead of having their banking details stolen.

Dridex is a Trojan that’s been commonplace in email inboxes for the past few years and is one of the top three pieces of phishing malware in terms of utilization. Authorities have been looking to shut it down for some time and in 2015 even managed to catch someone who may be responsible for it — but the Trojan is still out there, causing damage.


Except it’s doing a lot less of it now, as whoever was behind the white-hat hack was able to crack into the Dridex distribution servers and replace the malicious files with a full installer of the latest version of Avira anti-virus. Now when some users are infected, instead of having their keystrokes recorded and their banking sessions injected with malicious code, they get an anti-virus install.


Of course there is still a chance that this is all a ruse. Avira isn’t behind the move, so some have suggested that the files being sent out are still malicious in nature, but are at this time just attempting to trick people into trusting Avira or being less careful with what they install.

“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira (via PCWorld). “This is certainly not something we are doing ourselves.”

If this is the case of a white-hat hacker doing a good deed though, it’s difficult not to wish them well. In the world of anti-cyber-crime, we need all the help we can get.

Jon Martindale