{
	"id": "4d9c7ded-68a3-4f4e-9617-687b7b1e2a39",
	"created_at": "2026-04-06T00:12:24.195653Z",
	"updated_at": "2026-04-10T03:21:09.886501Z",
	"deleted_at": null,
	"sha1_hash": "41524d3ca769f414dfdf9bcdb0f02c30746fe149",
	"title": "Dridex Omicron phishing taunts with funeral helpline number",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 4146597,
	"plain_text": "Dridex Omicron phishing taunts with funeral helpline number\r\nBy Lawrence Abrams\r\nPublished: 2021-12-24 · Archived: 2026-04-05 23:01:02 UTC\r\nA malware distributor for the Dridex banking malware has been toying with victims and researchers over the last few weeks.\r\nThe latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number.\r\nDridex is banking malware distributed through phishing emails containing malicious Word or Excel attachments. When\r\nthese attachments are opened, and macros are enabled, the malware will be downloaded and installed on the victim's device.\r\nOnce installed, Dridex will attempt to steal online banking credentials, spread to other machines, and potentially provide\r\nremote network access for ransomware attacks.\r\nhttps://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nCOVID-19 Omicron variant used as a lure\r\nOver the past few weeks, one of the Dridex phishing email distributors is having fun toying with victims and researchers.\r\nThis was first seen when the threat actor began trolling security researchers by using their names combined with racist\r\ncomments as malware file names and email addresses.\r\nEarlier this week, the threat actor spammed fake employee termination letters that displayed an alert stating, \"Merry X-Mas\r\nDear Employees!\", after infecting their device.\r\nIn a new phishing campaign discovered by MalwareHunterTeam and 604Kuzushi, this same threat actor took it to the next\r\nlevel by spamming emails with a subject of \"COVID-19 testing result\" that states the recipient was exposed to a coworker\r\nwho tested positive to the Omicron COVID-19 variant.\r\n\"This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of\r\nCOVID-19 sometime between December 18th and 20th,\" reads the new phishing email shown below.\r\n\"Please take a look at the details in the attached document.\"\r\nDridex phishing email stating you were exposed to Omicron COVID-19 variant\r\nThe email includes a password-protected Excel attachment and the password needed to open the document. Once the\r\npassword is entered, the recipient is shown a blurred COVID-19 document and is prompted to 'Enable Content' to view it.\r\nhttps://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/\r\nPage 3 of 5\n\nBlurred document lure to convince users to enable macros\r\nSource: BleepingComputer\r\nTo add insult to injury, after macros are enabled, and the device becomes infected, the threat actor taunts their victims by\r\ndisplaying an alert containing the phone number for the \"COVID-19 Funeral Assistance Helpline.\"\r\nA bad joke showing the COVID-19 Funeral Assistance Helpline number\r\nSource: BleepingComputer\r\nWith the COVID-19 variant being highly contagious and rapidly spreading worldwide, phishing emails about the Omicron\r\nvariant are becoming popular and are likely highly effective in distributing malware.\r\nThis is especially true if the phishing campaign pretends to be from a company's human resources department and targets\r\nemployees from the same company.\r\n As Dridex phishing campaigns are currently using password-protected attachments, enterprises need to train their\r\nemployees to spot and avoid these types of attacks.\r\nAs always, if you receive unexpected emails or one that contains unusual attachments, always reach out to your network\r\nadmin or other people in the workplace to determine if the email is legitimate.\r\nhttps://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/\r\nhttps://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/dridex-omicron-phishing-taunts-with-funeral-helpline-number/"
	],
	"report_names": [
		"dridex-omicron-phishing-taunts-with-funeral-helpline-number"
	],
	"threat_actors": [],
	"ts_created_at": 1775434344,
	"ts_updated_at": 1775791269,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/41524d3ca769f414dfdf9bcdb0f02c30746fe149.pdf",
		"text": "https://archive.orkl.eu/41524d3ca769f414dfdf9bcdb0f02c30746fe149.txt",
		"img": "https://archive.orkl.eu/41524d3ca769f414dfdf9bcdb0f02c30746fe149.jpg"
	}
}