
New banking malware variant ready to profit from holiday rush

A new variant of the notorious banking trojan Dyreza has been detected by researchers at Heimdal Security.

The data-stealing malware – a spinoff of the infamous ZeuS malware that targets major online banking websites such as Bank of America, Natwest, Citibank, RBS and Ulsterbank – is now capable of working with Windows 10 and can also interact with Microsoft Edge, Microsoft's new default web browser replacing Internet Explorer, to siphon data and then transfer it to malicious servers.

Malware protection

To keep systems protected from the Dyreza malware, Heimdal Security recommends that computer users: 

1. Don't click links in emails received from unknown email addresses. 
2. Don't download and access email attachments from unknown people. 
3. Increase online protection level by adjusting web browser security settings. 
4. Keep Windows operating system and software up to date with the latest security patches. 
5. Use a security solution that updates automatically.

First detected around September 2014, Dyreza gained notoriety for its ability to bypass SSL (secure sockets layer), a standard security technology that establishes an encrypted link between a server and a client.

The new variant can also get around a number of other security software measures, like anti-virus, which, Heimdal Software researchers said, makes its penetration into systems faster and more effective.

The malware is spread via indiscriminate spam campaigns which include various malicious attachments, either a ZIP, PPT or PDF file. Once a recipient clicks on the link, a downloader, “Upatre,” delivers the malware onto the targeted machine, not only to steal data from infected computers but also to enlist them into a botnet that – with the appending of Windows 10 – is now estimated to contain 80,000 computers. That number is projected to grow.

What is concerning is how simple the malware is to purchase and deploy, said Andra Zaharia, a security specialist at Heimdal Security. Malware creators are profiting from selling the kits and the users can cast a wide net to trap unsuspecting users.

And, with the holiday season approaching, the timing couldn't be better, Zaharia said. As online transactions pick up, the malware will be capable of scooping up hordes of financial data. And consumers distracted with the rush of holiday activities are expected to loosen their sense of caution around making purchases online.
