For the uninitiated, Dridex is a deadly banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers steals banking credentials and other personal information on the system to gain access to the financial records of a user. Dridex operates by first arriving on a user’s computer as a malicious spam e-mail with a Microsoft Word document attached to the message. If the victim opens the document, a macro embedded in the document surreptitiously triggers a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions. It is this word document that was infected by the anonymous hacker with a copy of Avira antivirus. This was revealed by Avira’s Lyle Frink who noted this strange phenomenon on the Avira’s blog. In the blog, Frink denied any involvement in the hack. According to Frink, the events unfolding are strange, but simple. Instead of malware, incautious users are being duped into downloading free and legal copies of Avira anti-virus. Clicking on a link in a Dridex spam email will sometimes now give you a valid, signed copy of Avira Free Antivirus software — perfect for cleaning Dridex’s Trojans out of your system once and for all.