Dridex is a form of banking malware that uses macros in Microsoft Office to infect systems. Once a computer is infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of any user. Dridex first arrives on a user’s computer as a malicious spam e-mail with a Microsoft Word document attached to the message.
If the user opens the document, a macro embedded in it surreptitiously triggers a download of the Dridex banking malware, which first steals banking credentials and then attempts to generate fraudulent financial transactions. The victims of this malware are Windows users who open an e-mail attachment in Word or Excel, which causes the macros to activate and download Dridex. The result is an infected computer and a victim exposed to banking theft, with catastrophic results.
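Because the infection chain described above depends on a macro-bearing Word or Excel attachment, a mail gateway or triage script can flag such attachments before a user opens them. The following is an added example, not code from the original page: a heuristic check for an embedded VBA project, not a Dridex-specific detector. All function names are hypothetical, and the sample message and its attachments are constructed placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                             # OOXML (.docx/.docm/.xlsm)
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")   # VBA stream name in OLE files

def has_vba_project(data: bytes) -> bool:
    """Heuristic: do these bytes look like an Office file carrying VBA macros?"""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                # Macro-enabled OOXML files store the macros in .../vbaProject.bin
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):
        # Directory entry names in compound files are UTF-16LE
        return OLE_VBA_MARKER in data
    return False

def macro_attachments(raw_email: bytes) -> list:
    """Filenames of attachments in a raw message that carry a VBA project."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()
            if has_vba_project(part.get_payload(decode=True) or b"")]

def make_ooxml(members: dict) -> bytes:
    """Build a constructed OOXML-style zip with placeholder member contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed message: one macro-enabled and one macro-free attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    samples = (("invoice.docm", {"word/document.xml": "<w/>", "word/vbaProject.bin": b"\0"}),
               ("notes.docx", {"word/document.xml": "<w/>"}))
    for name, members in samples:
        msg.add_attachment(make_ooxml(members), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample_email()))
```

A flagged attachment only means macros are present; whether they are malicious still requires inspection or a policy of blocking macros from e-mail altogether.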