A new phishing campaign impersonates the legitimate accounting software Xero by sending fake emails to unsuspecting users. This is a serious concern because those who are fooled can be infected with Dridex, a malicious Trojan that can steal sensitive banking details.
Xero is an accounting application that helps people save time by providing many useful tools. It is based in New Zealand, and the software itself is not malicious. However, scammers can damage the reputation of good products.
Because Xero is widely used, there are many infected computers all over the globe. Unfortunately, this is not the only phishing case: other similar cases have been discovered. Possibly the same scammers are using MYOB, Dropbox, and QuickBooks to infect even more devices, relying on popular brands that users trust.
The scam is delivered through emails that claim to include a link to a billing invoice. The message encourages victims to open the bill and view the payment details.
To appear legitimate, the attackers include some real links in the email that lead to the genuine Xero website. The email itself is also made to look real: it is professionally written and appears serious. The only fake link is the one that redirects to the supposed invoice.
The data that were gathered are then encrypted and sent to a malicious server.
Perhaps the biggest threat in all of this is Dridex (also called Bugat and Cridex), a Trojan designed to steal banking information in order to perform illegal transactions. It is usually spread via email attachments. Dridex steals the information by infiltrating the Chrome, Internet Explorer, and Firefox browsers.
To avoid similar threats, don’t trust any email immediately, even if it seems to have come from a reputable source. Be extremely careful about opening links and attachments that come with a message. The best safety measure, however, is having an up-to-date anti-malware program that can detect even zero-day threats.