Dyre malware targeting Swiss bank customers

  • 31 October 2014

Author: Zeljka Zorz HNS Managing Editor
 
Posted on 31.10.2014

The Dyre/Dyreza banking Trojan has lately become very popular with cyber criminals - so much so that the US-CERT has issued an alert warning about the danger.

"Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s)," they shared.

"Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader."

Dyre/Dyreza is after sensitive user account credentials for online services, including bank services, which it logs and sends to remote servers run by the criminals.

In another campaign spotted by Danish security firm CSIS, the malicious emails are very similar (fake unpaid invoices, bank details), but the attachment is a specially crafted PPT file made to exploit the Sandworm vulnerability (CVE-2014-4114) in order to install the malware.

While initial versions of the malware were targeting users of several US and UK banks, this latest one is also aimed at Swiss bank customers (as evidenced by the content of its configuration file):

http://www.net-security.org/images/articles/dyre-conf-31102014.jpg 
 
 