Dudell

Dudell is a dangerous tool in the hands of clever cybercriminals. This Trojan might be introduced to Windows users as a Microsoft Excel document, and it is most likely to be sent to them via email. Unfortunately, even though it looks completely harmless at first glance, this document file has malicious script embedded within, and so if anyone interacts with the file, it could execute malware. This is not the first time we have seen a malicious Microsoft Excel document being used for the distribution of malware. In most cases, such files are sent using spam emails, and the attackers are creating highly convincing messages with attractive subject lines and sent from addresses that might look either inconspicuous or, in some cases, even familiar. Unfortunately, email addresses can be fabricated, and misleading messages can appear to be real. Of course, that does not mean that you can be careless with the random files sent to you via social media platforms or instant messaging apps. Obviously, if you have downloaded the file, you want to delete it immediately. However, if you have opened it, you might need to remove Dudell and additional threats.

According to malware experts, Dudell belongs to a well-known group of hackers called “Rancor.” It is believed that this group is China-based, and it has been active since at least 2017. This hacking group has been actively attacking governments in Southeast Asia, including Cambodia and Singapore. Dudell has been instrumental in performing successful attacks, which, of course, started with a malicious document file. In 2019, a Microsoft Excel document file (.XLS) was used along with Rich Text Format (.RTF) and Microsoft Word (.DOC) files. In every case, the attack was conducted differently. For example, when a Microsoft Excel document file was used, it would drop an .EXE file and create a scheduled task that, eventually, would execute it and load malware. A Microsoft Word document file would use a scheduled task to execute a dropped .VBS file. Malicious .RTF files would use scheduled tasks to execute the downloaded Bitdefender Agent or Windows Defender that would then load a malicious .DLL file. It is likely that other methods of operation could be used as well. Initially, of course, the target would have to be tricked into clicking the file sent to them. Just clicking the file does not activate the chain reaction. First, the victim has to “Enable Content” to execute the malicious macro embedded within the file.

Unfortunately, the Dudell family of malware could be quite expansive, and it might include Trojans, keyloggers, screen-grabbers, backdoors, downloaders, wipers, and all other kinds of threats. These could be used to spy on the users of infected machines, gather government-level intelligence, hijack accounts to gain access to highly sensitive data, crash systems, and execute various malicious commands. It appears that Dudell malware is specifically created to go after governments, and so it is not very likely that regular Windows users would need to face this threat. That being said, if malware exists, everyone needs to be cautious. Obviously, it is quite important to stay away from emails and messages containing strange file attachments. Note that if cybercriminals manage to hijack the accounts of your colleagues or friends, they could be used to spread malware in a much more convincing manner. Therefore, you not only need to be cautious about messages sent to you by strangers but also people in your own circle. If you ever suspect potential foul play, contact the sender directly to ask them if they intended to send you a strange message and file, and also do not hesitate to contact the cybersecurity team in your company, if that is available to you.

We do not recommend deleting Dudell malware manually. First of all, it is hard to judge how many different threats and malware components could be active. Second of all, time is of the essence when it comes to malware of such nature. Therefore, we strongly recommend installing anti-malware software immediately. Trustworthy and legitimate software will be able to automatically remove Dudell-related threats and also secure the system against new attacks. Without a doubt, securing the system is crucial because there are plenty of threats capable of exploiting any and all security vulnerabilities. Educating the employees on cybersecurity is crucial too, and if you want to make sure that your team, your department, or your entire agency or organization is not affected by malware, you need to put in some effort into the cause.

Dudell Removal

1. Delete all recently downloaded suspicious files.
2. Empty Recycle Bin.
3. Install a malware scanner that is trustworthy.
4. Perform a full system scan.
5. Delete the leftovers that might be discovered.