Subscribe

Dridex Lures Employees To Open Malicious Docs Via Fake Emails

December 23, 2021

Dridex, banking malware is currently being used to deceive employees into clicking on malicious Excel documents.

The malicious documents were sent to employees via fake employee termination emails.

These emails use the subject line “Employee Termination.” The content informs recipients that their employment will end on December 24th, 2021.

The email pointed out that “this decision is not reversible.” Embedded in the email is an attached Excel password-protected spreadsheet named ‘TermLetter.xls.”

As soon as an employee opens the Excel spreadsheet and enters the password, a blurry “Personnel Action Form” appears, asking them to “Enable Content” to display it properly.

Once activated, the victims receive a “Merry X-Mas Dear Employees!” pop-up message. Unknown to the victims, a malicious HTA file was stored in the C:\ ProgramData folder during the process. HTA contains a malicious VBScript that downloads Dridex from Discord to infect the device.

In order to mitigate this type of attack, users who receive such emails are advised to contact their human resources department or employees before opening the email.

For more information, read the original story in BleepingComputer.

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

June 24, 2025 A new report from Okta shows that despite growing fears about identity theft, most more...

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

June 23, 2025 Canada’s cybersecurity agency and the U.S. Federal Bureau of Investigation have confirmed that a more...

Broadcom Defends VMware Price Hikes, Says Customers Are “Using It Wrong”

June 23, 2025 LONDON — Broadcom executives are defending sharply higher costs under VMware’s new subscription model, more...

MIT Warns SpaceX Could Lose Up to Two‑Thirds of Starlink Fleet to Orbital Congestion

June 18, 2025 A study by researchers at the Massachusetts Institute of Technology warns that SpaceX may more...

Jim Love

Jim is and author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.