Dyre Malware Takes Summer Holiday in Spain
New Configuration of the Dyre Trojan Coming After 17 Spanish Banks
As Europeans head to the beaches of Spain this summer, the cybercriminals behind
the highly successful Dyre malware are not taking a break. In fact, they are
turning up the heat and have set their sights on 17 Spanish banks, and several
European banks’ Spain-based subsidiaries. IBM Security X-Force researchers were
able to analyze a new Dyre Trojan configuration file that followed the release
of a new Dyre build. This is the first configuration that targets such a large
number of Spanish banks. Previous versions only included three or five
Spain-based banks on the victim roster, likely as a way to test the waters
before moving to a more aggressive phase.
The analysis reveals that Dyre’s developers have expanded the capabilities and
reach of the malware by updating its webinjections to match the new banks they
are targeting in Spain. On top of its Spanish targets, the Dyre gang sees
opportunities in other Spanish-speaking countries beyond Spain, attacking in
Chile, Colombia and Venezuela. This is hardly surprising given that Spanish is
the second most spoken language in the world.
Dyre is not new in Europe. It already targets banks all over the European continent,
unsurprisingly leaving out only Russia and the former Soviet Union region.
Within Europe, Dyre infection rates in Spain are ranked third after the UK and
France.
In numbers, Spanish companies recorded losses of EUR 14 billion from cybercrime in
2014. The recent cybercrime news from Spain features the arrest of a gang that
managed to amass EUR 2 million in fraudulent premium number phone calls from
stolen phones and SIM cards.
IBM has appropriately shared the new Dyre information to help prepare and protect
targeted banks against the heightened security risk.
About Dyre
Dyre, which was named after a string reading “I am Dyreza” found inside its code,
started out as a seemingly simple RAT (Remote Access Trojan) project in
mid-2014. While it used to only sniff out encrypted credentials, it has since
rapidly and aggressively evolved, shape-shifting in both its technical makeup
and crime methodologies. Nowadays, Dyre is a full-blown banking Trojan that is
keeping security professionals guessing, and its victims in constant
remediation mode.
Dyre is one of the most advanced pieces of malware active in the wild today because
of its feature-rich capabilities and its constant updates, which are designed
to evade detection by anti-virus and static security mechanisms. And while Dyre
in itself is rather interesting from a technical standpoint, the group behind
it is the more important study for today’s counter-cybercrime professionals.