Dyre

Dyre, also referred to as Dyreza, Dyzap, and Dyranges, is a banking trojan similar to the infamous Zeus banking malware that targets login credentials for banks through man-in-the-browser exploits. In addition to stealing credentials, Dyre can be used to infect victims with other types of malware and to add victims' computers to spam botnets, which are in turn used to infect other computers. Dyre targets Windows computers as well as the three most popular web browsers: Chrome, Firefox, and Internet Explorer.

The new Dyre variant supports Windows 10 and Microsoft Edge. This trojan is commonly used in advanced persistent threat (APT)-style attacks against large corporations. It is known for its use in attacks against Bank of America, Citigroup, JPMorgan Chase, and Royal Bank of Scotland customers in 2014. Security professionals recommend using endpoint protection aimed at identifying the attributes of Dyre and preventing the installation of this or any other trojan.

Reporting

  • November 2015: Heimdal Security and F5 Networks reported that a new variant of Dyre included support for Windows 10 and the new Windows Edge browser.
  • February 2016: Security researchers noted that Dyre spam campaigns had been inactive since the reported arrest of several Russian hackers.

Technical Details

  • The Dell SecureWorks Counter Threat Unit research team released a detailed threat analysis on Dyre after discovering the banking trojan in June 2014.

Image Source: MailShark