Cridex Malware

Cridex is a sophisticated strain of banking malware that can steal banking credentials and other personal information on an infected system in order to gain access to the financial records of a user.

The Cridex Trojan Horse spreads by copying itself to mapped and removable drives on infected computers. Cridex creates a backdoor entry point on infected systems, enabling the possibility for additional malware to be downloaded and run as well as conduct operations such as opening rogue websites.

This latter capability enables Cridex to capture the banking credentials of users on an infected system when the user attempts to visit and log into a financial web site. Cridex will surreptitiously redirect the user to a fraudulent version of the financial site and record the login credentials as they are entered.

At that point, Cridex gives the cybercriminal the ability to connect to the actual financial site from the infected system and execute fraudulent financial transactions.

Cridex’s Evolution from the GameOver Zeus Malware

Cridex was first discovered and identified in January 2012, and subsequent variants have also been referred to as Bugat and Feodo. The Cridex Trojan itself features many aspects of the GameOver Zeus (GOZ) malware, evolving from the GOZ malware as a way of conducting fraudulent financial transactions.

A new form of malware based on Cridex, known as Dridex, emerged in late 2014 and quickly spread via a spam e-mail campaign that initially generated 15,000 e-mails pet day.

Also see The Difference Between a Virus, Worm and Trojan Horse in the Did You Know? section of Webopedia.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Related Articles

@ Sign

Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...

Munging

(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...