Trojan has sights set on log-in details
Thu Jul 09 2015, 15:13
UK ONLINE BANKING CUSTOMERS have been warned of a major phishing campaign that uses malware to pilfer sensitive financial information.
Security outfit Bitdefender warned that customers of Barclays, Santander and Lloyds TSB are being targeted by the trojan malware known as Dyre.
The firm said that almost 20,000 customers have been targeted in the past few days alone.
Cyber criminals used compromised servers to send 19,000 malicious emails containing the Dyreza banking Trojan, also known as Dyre, in an attempt to steal bank log-in credentials.
The aptly-named Dyre is also capable of stealing log-in credentials for Facebook, Google and other services.
Bitdefender warned that bank customers in France, Germany, the US, Australia and Romania should also keep a watchful eye on their inboxes.
Catalin Cosoi, chief security strategist at Bitdefender, said: "First seen in 2014, Dyre is very similar to the infamous Zeus.
"It installs itself on the user’s computer and becomes active only when the user enters credentials on a specific site, usually the log-in page of a banking institution or financial service.
"Through a man-in-the-browser attack, hackers inject malicious JavaScript code, allowing them to steal credentials and further manipulate accounts, all completely covertly."
Kevin Epstein, VP of advanced security and governance at Proofpoint, said that Dyre is likely to lure in at least one in 25 recipients of the malware-infested emails.
"Research reported in the 2015 edition of Proofpoint's annual cybercrime report, the Human Factor, suggests that at least one in every 25 recipients of this email will click and fall victim to the attack," he added.
"The use of a linked URL, which enables attackers to rotate payloads and delay linking to bypass legacy secure email gateways, reiterates the need for organisations to invest in modern targeted attack protection and threat response systems that can continually monitor such email-embedded URLs for clicks, even after the emails are delivered to users' inboxes."