Emails spread by the malware campaign offer early access to the new season of Squid Game or a chance to be cast on the show.
Proofpoint has identified a malware campaign launched by the criminal group TA575, which distributes Dridex malware using lures themed on the series Squid Game. The cybercriminals pretend to be entities associated with the global Netflix series, sending emails that invite recipients to get early access to a new season or to join the cast of the TV show.
Beginning on October 27, 2021, Proofpoint noted thousands of emails addressed to all sectors, mainly in the United States, using subjects such as:
- Squid is back, watch the new season before anyone else.
- An invitation to enter the new season. [sic]
- Squid game, here’s the new season, casting for commercials
- Squid game, here’s the new season, co-casting
The emails ask the potential victim to fill out an attached document for early access to the new season of Squid Game, or a form to put themselves forward as part of the additional cast. The attachments are Excel documents containing macros which, if enabled, download the Dridex banking trojan (ID "22203") from Discord URLs. Dridex is a prolific banking trojan distributed by various affiliates, and an infection can lead to data theft and the subsequent installation of other malware such as ransomware.
TA575 is a cybercriminal group associated with Dridex that Proofpoint has monitored since the end of 2020. The group distributes malware via malicious URLs, Microsoft Office attachments, and password-protected files. On average, TA575 sends thousands of emails per campaign, such as those related to Squid Game, affecting hundreds of organizations. TA575 also uses the Discord content delivery network (CDN) to host and distribute Dridex. Discord, a communication platform with consumer and corporate uses, is a popular malware hosting service among cybercriminals.
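A defender-side check for the delivery chain described above (a macro-enabled Office document fetching its payload from Discord URLs), as an added example that is not from Proofpoint or the original article: it scans endpoint or proxy records for Office processes requesting Discord CDN hosts. The log field names, the sample records and the two hostnames matched are assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumption: hostnames from which Discord serves uploaded attachments.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Assumption: Office binaries with no routine reason to pull files from a chat CDN.
OFFICE_PROCESSES = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed sample telemetry (one JSON record per line); field names are hypothetical.
SAMPLE_LOG = r"""
{"device": "WS-01", "process": "C:\\Office16\\EXCEL.EXE", "url": "https://cdn.discordapp.com/attachments/0/0/sample.bin"}
{"device": "WS-02", "process": "C:\\Apps\\Discord.exe", "url": "https://cdn.discordapp.com/attachments/0/0/cat.png"}
{"device": "WS-03", "process": "C:\\Office16\\EXCEL.EXE", "url": "https://cdn.discordapp.com.example.org/report.xlsx"}
{"device": "WS-04", "process": "C:\\Office16\\WINWORD.EXE", "url": "https://CDN.DISCORDAPP.COM./attachments/0/0/sample.bin"}
this line is truncated and not valid JSON
"""


def find_office_discord_fetches(log_text):
    """Return (line_no, device, process_name, host) for Office-initiated Discord CDN requests."""
    hits = []
    for line_no, line in enumerate(log_text.strip().splitlines(), 1):
        try:
            rec = json.loads(line)
            # .hostname is lower-cased by urlsplit; drop a trailing root dot.
            host = (urlsplit(str(rec["url"])).hostname or "").rstrip(".")
            # Keep only the executable name from the full Windows path.
            proc = str(rec["process"]).rsplit("\\", 1)[-1].lower()
        except (ValueError, KeyError, TypeError):
            continue  # skip damaged or incomplete records instead of aborting
        # Exact hostname match rejects lookalikes such as cdn.discordapp.com.example.org.
        if host in DISCORD_CDN_HOSTS and proc in OFFICE_PROCESSES:
            hits.append((line_no, rec.get("device"), proc, host))
    return hits


if __name__ == "__main__":
    for hit in find_office_discord_fetches(SAMPLE_LOG):
        print("ALERT line %d: %s %s -> %s" % hit)
```

The Discord desktop client fetching from the same CDN (second record) is deliberately not flagged; only the Office-to-CDN pairing is treated as suspicious.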
Themes used by TA575 generally include billing and payments, but occasionally also trending news, events, and cultural references. Squid Game is currently a popular theme among cybercriminals for lures and malware. And for good reason: since it is the "most successful series ever" for Netflix, the pool of potential victims who might inadvertently interact with malicious content associated with it is larger than for a topic of narrower public appeal. TA575 is betting that the invitation to participate in the upcoming season will entice users to interact with the malicious Microsoft Excel file.