Dyre banking Trojan malware activity surges - targets Barclays, RBS, HSBC, Lloyds and Santander customers

Malware is similar to Zeus and allows hackers to steal banking credentials, warn Bitdefender

Hackers are targeting UK customers of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander with increased determination by using a form of Trojan horse malware, Bitdefender researchers have warned.

Cyber criminals have used spam servers to send 19,000 malicious emails containing the Dyreza banking Trojan - also known as Dyre - in just three days and are using it to attempt to steal bank log-in credentials. Dyre shares many similarities with the infamous Zeus malware.

The spam email poses as a follow-up email from a tax consultant, asking the user to urgently download an attached file in order to complete a financial transaction. A second email asks the user to attach files to verify financial and personal details, while a third email is also sent. The emails contain an archive containing a malicious .exe file.
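To illustrate the delivery method described above, the following Python sketch shows a mail-gateway style check that opens archive attachments and reports any executable members. It is an added example, not code from Bitdefender or the original report. It assumes ZIP archives, and the extension list, function names and sample message are constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions treated as executable.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")


def executables_in_zip(data, depth=0, max_depth=2):
    """Return names of executable members in a ZIP, descending into nested ZIPs."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            name = info.filename.lower().rstrip(". ")
            if name.endswith(EXECUTABLE_EXTS):
                hits.append(info.filename)
            elif name.endswith(".zip") and depth < max_depth and info.file_size < 10_000_000:
                hits += executables_in_zip(archive.read(info), depth + 1, max_depth)
    return hits


def scan_message(raw):
    """Map each ZIP attachment (sniffed by content, not by name) to the executables inside."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            hits = executables_in_zip(payload)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings


def build_sample():
    """Constructed test message: a ZIP attachment holding a harmless stub named *.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("statement.exe", b"not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Follow-up: documents required"
    msg.set_content("Please review the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="documents.zip")
    return msg.as_bytes()
```

A gateway would typically quarantine any message for which `scan_message` returns a non-empty result, rather than relying on the attachment's declared name or MIME type.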

The malware first appeared last year, but there has been a huge surge in targeted attacks in recent days. "Dyre is very similar to the infamous Zeus," said Catalin Cosoi, chief security strategist at Bitdefender.

"It installs itself on the user's computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service," he continued, adding that "hackers inject malicious JavaScript code, allowing them to steal credentials and further manipulate accounts, all completely covertly".

Customers of High Street banks, including Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander, have been targeted by cyber criminals in the UK. Meanwhile, Bitdefender warn that Bank of America, Citibank, Wells Fargo, JP Morgan Chase and PayPal may have all been targeted in the United States.

Cosoi warned that infected users may have no immediate way of knowing if they've been targeted by the cyber criminals' malware.

"If the user opens a banking web page, the malware will contact a malicious server and send it a compressed version of the web page. The server will then respond with the compressed version of the web page with malicious code added to it," he said.

"This altered web page is then displayed on the victim's web browser. Its appearance remains exactly the same, but the added code harvests the victim's login credentials," he added.

Bitdefender's advice for avoiding infection is "to avoid clicking links in emails from unknown email addresses, and to keep their anti-malware solution up to date with the latest virus definitions".

Banking Trojans are increasingly being used to launch different cyber attacks on organisations because of the proliferation of such malware on unprotected PCs around the world, security specialists have warned.