
Dridex using Dyre tricks to deceive victims

Researchers at IBM's X-Force have spotted the Dridex banking trojan using Domain Name System (DNS) cache poisoning attacks to redirect victims to fake banking sites.

In the attacks, the threat actor inserts a fake address record for an internet domain into the endpoint's DNS cache, causing the cache to hand out the fake address for subsequent browsing requests and so redirect traffic to a malicious server, according to a Jan. 19 blog post.

Once infected, the victim is redirected to a phony page designed to mimic their bank's website when they try to access their accounts online. The technique allows the attacker to use social engineering injections to obtain critical authentication codes from the victim as needed.
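The redirection described above leaves a trace on the endpoint: a cached address record for the bank's domain that does not match the addresses the bank actually uses. The following script is an added defender-side example (not code from IBM X-Force or SC Media) that parses output in the layout of `ipconfig /displaydns`, compares the cached answers for monitored domains against an allowlist of expected address ranges, and reports mismatches. The domains, address ranges and the sample cache dump are all constructed placeholders for the example.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Domains a defender wants to watch and the address ranges their authoritative
# DNS is expected to return. Both the names and the ranges are constructed
# placeholders (documentation prefixes), not real bank infrastructure.
EXPECTED_RANGES: Dict[str, List[ipaddress.IPv4Network]] = {
    "online.examplebank.test": [ipaddress.ip_network("198.51.100.0/24")],
    "login.examplebank.test": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed sample in the layout of `ipconfig /displaydns` output. The first
# entry is a legitimate cached answer; the second is a planted record that
# points a banking domain at an address outside the expected range; the third
# is an unmonitored domain and is ignored.
SAMPLE_DNS_CACHE = """
Windows IP Configuration

    online.examplebank.test
    ----------------------------------------
    Record Name . . . . . : online.examplebank.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.20

    login.examplebank.test
    ----------------------------------------
    Record Name . . . . . : login.examplebank.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.7

    cdn.example.test
    ----------------------------------------
    Record Name . . . . . : cdn.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 600
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10
"""

RECORD_NAME = re.compile(r"Record Name[ .]*: (\S+)")
A_RECORD = re.compile(r"A \(Host\) Record[ .]*: (\S+)")


def parse_dns_cache(text: str) -> List[Tuple[str, str]]:
    """Return (domain, ipv4) pairs from ipconfig /displaydns style output."""
    entries: List[Tuple[str, str]] = []
    current = None
    for line in text.splitlines():
        m = RECORD_NAME.search(line)
        if m:
            # Normalise the name so allowlist lookups are case-insensitive.
            current = m.group(1).lower().rstrip(".")
            continue
        m = A_RECORD.search(line)
        if m and current:
            entries.append((current, m.group(1)))
    return entries


def find_poisoned(text: str,
                  expected: Dict[str, List[ipaddress.IPv4Network]]) -> List[Dict[str, str]]:
    """Flag cached A records for monitored domains that fall outside the allowlist."""
    findings: List[Dict[str, str]] = []
    for domain, addr in parse_dns_cache(text):
        ranges = expected.get(domain)
        if ranges is None:
            continue  # not a monitored domain
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append({"domain": domain, "address": addr,
                             "reason": "unparseable address in cache"})
            continue
        if any(ip in net for net in ranges):
            continue
        findings.append({
            "domain": domain,
            "address": addr,
            "reason": "cached address outside expected ranges "
                      + ", ".join(str(n) for n in ranges),
        })
    return findings


if __name__ == "__main__":
    for f in find_poisoned(SAMPLE_DNS_CACHE, EXPECTED_RANGES):
        print(f"SUSPECT {f['domain']} -> {f['address']}: {f['reason']}")
```

On a live Windows host the same functions can be fed the real `ipconfig /displaydns` output; the allowlist approach also applies unchanged to entries in the hosts file, which is the other local place a planted address record tends to appear. A hit on a monitored domain is a reason to flush the cache and treat the endpoint as suspect rather than to trust whatever page the browser lands on.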

Researchers said the redirection technique is very similar to the methods used by the Dyre Trojan, adding that it is possible the two groups share some key developers or management.
