Banking trojan Dyreza goes after Windows 10, Microsoft Edge users
The Dyreza banking trojan has (unfortunately) been updated, and now can target users sporting Windows 10 and its internet browser, Microsoft Edge.
The new version of the banking trojan was spotted and analyzed by EU-based security firm Heimdal Security, which claims that Dyreza will now also seek and find security products, terminating their underlying OS processes.
This new feature works regardless of the PC’s underlying architecture, 32-bit or 64-bit, and affects all operating systems, not just Windows 10.
"By adding support for Windows 10, Dyreza malware creators have cleared their way to growing the number of infected PCs in their botnet", Heimdal writes in a blog post. |This financial Trojan doesn’t only drain the infected computers of valuable data -- it also binds them into botnets".
According to the report, 80.000 machines are already infected with Dyreza worldwide and the number is expected to increase.
The banking trojan is delivered via the Upatre malware downloader, and all infected machines are also added to a worldwide botnet. When Upatre runs, it scans the target and downloads Dyreza if it finds the target suitable. After that the malware looks for any financial details it can find, in banking apps or by hooking into the browser. Once data is found, it is packed into an HTTP request, and sent to a remote C&C server in the control of the attacker.
The timing also couldn’t be better. The malware is spreading just before the holiday season, at the time of the year when everyone’s online shopping activity is at its utmost peak.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.