“Squid Game is back, watch new season before anyone else.” New phishing email can hack your device with malware

Researchers at security firm Proofpoint recently spotted a malicious campaign deployed by the cybercriminal group identified as TA575 in which the Dridex malware variant is distributed using a theme from “The Squid Game”, the popular Netflix series. Apparently, hackers send phishing emails offering random users supposed early access to the new season of the series or raising the possibility of appearing in an episode as an excuse to infiltrate a target system.

According to experts, at the end of October began to detect a large number of emails addressed to employees in all kinds of industries, mainly in North America. Proofpoint detected four main messages in these malicious emails, including:

  • “The Squid Game is back; watch the new season before anyone else”
  • “Invite your customers to watch the new season”
  • “Watch a preview of the casting of the new season of the Squid Game”
  • “Audition to appear in the new season of the Squid Game”

In addition to offering these supposed benefits, the message asks the victim to fill out an attached form in the form of an Excel document that includes malicious macros that, when enabled, initiate the download of Dridex, a banking Trojan hosted on a Discord URL and capable of stealing confidential information, installing tracking malware and some ransomware variants.

About the group operating this campaign, experts say that it is an affiliate of the malware active since 2020 and specialized in the distribution of Dridex using Microsoft Office attachments. Since its inception, this hacking group has sent tens of thousands of emails to users around the world, impacting the operations of hundreds of organizations.

A characteristic feature of this group is the use of Discord to host malware, which reduces suspicions of malicious activity. As you may recall, Discord is a communications platform with home and business uses that has often been the subject of similar hacking campaigns.

Finally, it is necessary to remember that this is not the first time that some hacking group tries to use the popularity of the Squid Game for their own purposes. A couple of weeks ago, Spanish authorities reported the detection of cards similar to those used in the series in random public places. These cards included QR codes that, when scanned, could have redirected users to phishing websites.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.