Subscribe

Dridex Lures Employees To Open Malicious Docs Via Fake Emails

December 23, 2021

Dridex, banking malware is currently being used to deceive employees into clicking on malicious Excel documents.

The malicious documents were sent to employees via fake employee termination emails.

These emails use the subject line “Employee Termination.” The content informs recipients that their employment will end on December 24th, 2021.

The email pointed out that “this decision is not reversible.” Embedded in the email is an attached Excel password-protected spreadsheet named ‘TermLetter.xls.”

As soon as an employee opens the Excel spreadsheet and enters the password, a blurry “Personnel Action Form” appears, asking them to “Enable Content” to display it properly.

Once activated, the victims receive a “Merry X-Mas Dear Employees!” pop-up message. Unknown to the victims, a malicious HTA file was stored in the C:\ ProgramData folder during the process. HTA contains a malicious VBScript that downloads Dridex from Discord to infect the device.

In order to mitigate this type of attack, users who receive such emails are advised to contact their human resources department or employees before opening the email.

For more information, read the original story in BleepingComputer.

Top Stories

Alberta voter data leak exposes millions through political list misuse

Google Gemini now creates downloadable files directly in app

Accenture expands Copilot rollout to 743,000 staff 

Google signs Pentagon AI deal despite internal employee opposition

OpenAI reportedly building AI agent phone to replace app-driven interfaces

China blocks Meta’s $2B AI acquisition, orders deal unwind

Related Articles

Alberta voter data leak exposes millions through political list misuse

May 1, 2026 More than three million Alberta voter records have been exposed after data from Elections Alberta was allegedly more...

Indeed integrates job search into ChatGPT with new in-app experience

May 1, 2026 Indeed has expanded its partnership with OpenAI to integrate job search directly into ChatGPT, allowing users to more...

Chinese court blocks companies from firing workers to replace them with AI

May 1, 2026 Chinese courts have ruled that companies cannot legally dismiss employees simply to replace them with cost-saving artificial more...

Google Gemini now creates downloadable files directly in app

May 1, 2026 Google has updated its Gemini to generate downloadable files directly within the app, allowing users to create more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.