Dridex botnet is installing AVIRA AV on hacked systems

It seems that a whitehat hacker has gained access to a Dridex C&C system. The German security company AVIRA announced in a report that it has found a Dridex distributor which is serving the AVIRA installer.

Avira stated:

“We still don’t know exactly who is doing this with our installer and why – but we have some theories,” said Kroll. “This is certainly not something we are doing ourselves.”

According to the Avira research, a partial list of financial institutions targeted by Dridex includes Barclays, Berliner Bank, BNP Paribas, Commerzbank, Credit Agricole, Deutsche Bank, HSBC, La Banque Postale, NatWest, Raiffeisen, RBS, Santander, Societe Generale, Sparda, Sparkasse, Ulster Bank, and Wells Fargo.