If you receive a suspicious email or message instructing you to open an attached file, Dudell malware should be on your mind. Individual Windows users are unlikely to be affected by this threat, but those working in government organizations across Asia need to be very careful about it. The actor behind this malware, the Rancor cyber-espionage group, has been attacking governments in Asia since 2017 and was active throughout 2019, so we expect to see more attacks from them this year. The strength of this malware is in its simplicity. Attackers send misleading messages, and if targets do not recognize them as a scam and do not delete them immediately, they might be tricked into opening the fake attachment. To open the file as intended, the victim is required to enable macros, and once that is done, the infection is free to create, drop, and load pretty much anything. By the time you figure out that you need to delete Dudell, there is a good chance that you will find several infections.
The creators of ransomware and Trojans appear to be very keen on using spam emails for malware distribution. All that the attacker needs to know is an email address, and when it comes to government agencies, email addresses are in many cases public. In more sophisticated attacks, cybercriminals can hack into systems and steal lists of real email addresses. In other cases, they can purchase or collect email addresses after data breaches. The hard part is creating a message that is convincing enough, and subject lines and senders' addresses play a huge role. If the subject line appears to be legitimate, and if the sender's email address does not raise suspicion, cybercriminals are one step closer to scamming the recipient. Of course, the message body plays a huge role too, and the attached file needs to look harmless. This is why Dudell has been found spreading with the assistance of .DOC (Word document), .XLS (Excel spreadsheet), and .RTF (Rich Text Format) files. If the victim does not realize that they need to report and delete spam, they might open the attached file, and this is where the attack begins.
Once the malicious macro is enabled as the recipient of the Dudell spam email tries to open the sent file, malicious files are dropped. Whether that is a .js, a .vbs, or an .exe file, it is downloaded silently, and if no security software is present, the malicious file is not removed in time. The infection then creates a scheduled task to execute the downloaded file, and that begins the loading of the malicious payload. What kind of malware is executed with the help of Dudell depends on what the attackers want to achieve. In most cases, cybercriminals use backdoors and Trojans because they are the most versatile. Using a backdoor, cybercriminals can drop other infections and execute malicious commands. Trojans can be equipped to record mouse clicks and keystrokes, capture screenshots, and even hijack video-recording devices or microphones to spy on their victims. Without a doubt, a lot of damage could be done, especially if the affected system can be used to gather sensitive government-level information.
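The delivery chain described above (Office macro dropping a .js/.vbs/.exe file, then a scheduled task executing it) leaves a recognisable trail in process-creation telemetry. The following detection logic is an added example, not code from the article or from any published Rancor analysis; it assumes Sysmon-style ParentImage/Image/CommandLine fields, and the log lines are constructed for the example.

```python
"""Flag the Dudell-style chain in process-creation logs: an Office
application spawning a script host or schtasks.exe, and a scheduled
task whose action points at a dropped script/executable in a
user-writable directory. Sample events below are constructed."""
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "wordpad.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
FIELD = re.compile(r"(ParentImage|Image|CommandLine)=(.*?)(?= (?:ParentImage|Image|CommandLine)=|$)")
DROP_DIRS = re.compile(r"\\(appdata|temp|programdata|public)\\", re.IGNORECASE)
DROPPED_EXT = re.compile(r"\.(js|vbs|exe)\b", re.IGNORECASE)

# Constructed sample log: one event per line, key=value fields (Sysmon-like).
SAMPLE_LOG = """\
ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE Image=C:\\Windows\\System32\\wscript.exe CommandLine=wscript.exe C:\\Users\\alice\\AppData\\Roaming\\update.js
ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE Image=C:\\Windows\\System32\\schtasks.exe CommandLine=schtasks /create /sc minute /mo 15 /tn Updater /tr C:\\Users\\alice\\AppData\\Local\\Temp\\svc.vbs
ParentImage=C:\\Windows\\explorer.exe Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE CommandLine=WINWORD.EXE /n report.docx
ParentImage=C:\\Windows\\System32\\services.exe Image=C:\\Windows\\System32\\svchost.exe CommandLine=svchost.exe -k netsvcs
"""


def parse_event(line):
    """Turn one key=value log line into a dict of the three fields we use."""
    return dict(FIELD.findall(line))


def basename(path):
    """Lower-cased file name of a Windows path (last backslash component)."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the list of alert reasons for one event; empty means benign."""
    reasons = []
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append(f"office_spawned_script_host:{parent}->{image}")
    if image == "schtasks.exe" and "/create" in cmd.lower():
        if DROP_DIRS.search(cmd) and DROPPED_EXT.search(cmd):
            reasons.append("scheduled_task_runs_dropped_file")
        if parent in OFFICE_PARENTS:
            reasons.append(f"office_spawned_schtasks:{parent}")
    return reasons


def scan(log_text):
    """Return [(line_number, reasons)] for every event that triggers a rule."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reasons = classify(parse_event(line))
        if reasons:
            alerts.append((n, reasons))
    return alerts
```

Running `scan(SAMPLE_LOG)` flags the first two events (Word launching wscript.exe on a dropped .js, and Excel registering a scheduled task on a .vbs under Temp) and ignores the two benign ones.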
Can victims remove Dudell manually? More experienced users might be able to track down the threat and eliminate the components associated with it. Unfortunately, once the security of the operating system is breached, multiple threats could be dropped, and it is hard to say whether you are currently dealing with one infection or, perhaps, five of them. If you want to delete Dudell manually, you should at least use a malware scanner to make sure you know what is actually lurking inside. Of course, it is best to use anti-malware software that can clear your system of threats automatically and also provide further protection. If this is the path you choose to follow, make sure you are choosing the right tool, because the web is full of fake security programs. Besides clearing and securing your system, it is also important to become more cautious so as not to be tricked into executing new threats, whether they are introduced to you via email, fake warnings, strange pop-ups, or unreliable file-sharing sites.