Dyre Malware Takes Summer Holiday in Spain

New Configuration of the Dyre Trojan Coming After 17 Spanish Banks

As Europeans head to the beaches of Spain this summer, the cybercriminals behind the highly successful Dyre malware are not taking a break. In fact, they are turning up the heat and have set their sights on 17 Spanish banks, and several European banks’ Spain-based subsidiaries. IBM Security X-Force researchers were able to analyze a new Dyre Trojan configuration file that followed the release of a new Dyre build. This is the first configuration that targets such a large number of Spanish banks. Previous versions only included three or five Spain-based banks on the victim roster, likely as a way to test the waters before moving to a more aggressive phase.

The analysis reveals that Dyre’s developers have expanded the capabilities and reach of the malware by updating its webinjections to match the new banks they are targeting in Spain. On top of its Spanish targets, the Dyre gang sees opportunities in other Spanish-speaking countries beyond Spain, attacking in Chile, Colombia and Venezuela. This is hardly surprising given that Spanish is the second most spoken language in the world.

Dyre is not new in Europe. It already targets banks all over the European continent, unsurprisingly leaving out only Russia and the former Soviet Union region. Within Europe, Dyre infection rates in Spain are ranked third after the UK and France.

In numbers, Spanish companies recorded losses of EUR 14 billion from cybercrime in 2014. The recent cybercrime news from Spain features the arrest of a gang that managed to amass EUR 2 million in fraudulent premium number phone calls from stolen phones and SIM cards.

IBM has appropriately shared the new Dyre information to help prepare and protect targeted banks against the heightened security risk.

About Dyre

Dyre, which was named after a string reading “I am Dyreza” found inside its code, started out as a seemingly simple RAT (Remote Access Trojan) project in mid-2014. While it used to only sniff out encrypted credentials, it has since rapidly and aggressively evolved, shape-shifting in both its technical makeup and crime methodologies. Nowadays, Dyre is a full-blown banking Trojan that is keeping security professionals guessing, and its victims in constant remediation mode.

Dyre is one of the most advanced malware codes active in the wild nowadays because of its feature-rich capabilities and its constant updates, which are designed to evade detection by anti-virus and static security mechanisms. And while Dyre in itself is rather interesting from a technical standpoint, the group behind it is the more important study for today’s counter-cybercrime professionals.
