Researchers have discovered a new spam campaign infecting thousands of computers in order to steal banking credentials through the Dyre banking trojan.
Each downloaded archive is named differently, allowing it to thwart anti-virus protection. The contents of the zip archive – posing as PDF files – are actually executables that download the Dyre trojan.
The malware is known to install itself on a victim's computer and wait for them to visit a particular login page of a financial institution to steal credentials. Targeted banks include Bank of America, Citibank and Wells Fargo.