Published on July 15th, 2015
UK online banking users hit with Dyre malware phishing attacks
Online banking customers in the UK are being warned of a major phishing campaign using a notorious piece of malware designed to steal financial data.
Customers of Barclays, Santander and Lloyds TSB are being targeted by the trojan malware known as Dyre.
Nearly 20,000 malicious emails have been sent in the last three days containing an infectious .exe file posing as an email from a tax consultant. The file acts as a downloader that fetches and executes the Dyre banking trojan when opened.
Follow-up emails then urge victims to attach financial documentation and verify its authenticity.
The malware has also been found in the US and Germany. Customers of Bank of America, Deutsche Bank and PayPal are all thought to have been affected by the most recent attack.
Antivirus and internet security provider Bitdefender has warned against clicking on links from unknown email addresses.
Catalin Cosoi, chief security strategist at Bitdefender, explained that this version of the Dyre malware differs from previous ones.
"This version of Dyre, unlike others Bitdefender has previously analysed, distributes itself through three different emails, thus increasing the chances of more users falling victim," he said.
Cosoi told V3 that people should be cautious when accessing email links and attachments from unknown sources.
"They should also verify their bank transactions report regularly to make sure transactions have not been altered by fraudulent techniques. An advanced anti-malware solution for internet-connected devices is also a must," he said.
Despite the sophistication of the threat, the attack still relies on the victim opening the email and manually running its contents.
Security experts at Symantec warned in a 2015 report that up to 1,000 banks could be affected by a variant of Dyre, and that a huge 99 percent of the malware's command and control IP addresses are thought to be in Europe.
Dyre was found to be targeting Microsoft Outlook in January, together with another piece of malware called Upatre, which downloads a worm capable of spreading infected emails from a user's account.
John Kuhn, a threat researcher at IBM, reported in April that those behind the Dyre malware had successfully stolen more than $1m from targeted attacks on organisations.
"From an initial infection via the Upatre malware through a spear-phishing email to a distributed denial-of-service attack, the criminals carrying out this latest string of attacks are using numerous sophisticated techniques," he said.
It is thought that the new variant of Dyre is similar in design to the well-known Zeus trojan, another highly infectious piece of malware which was widely reported on last year.
The National Crime Agency launched an operation to tackle the Gameover Zeus malware last year in co-operation with the FBI, Europol and ISPs.
GOZeus is a trojan-based virus, also spread via email, that gives the hacker a huge amount of control over an infected system and access to log-in credentials, banking details and system information.
It can even allow the attacker to shut down or reboot the system or delete crucial files.