Dyre Banking Malware Surges In Europe

The malware is part of a wider campaign to exploit the growth of online banking, according to researchers

Infections of the Dyre banking malware rose sharply in the first quarter of 2015, with Europeans among the most targeted, according to new figures from Trend Micro.

The rise in infections followed a spam campaign to spread the malware, using English-language messages warning of rising VAT rates, for instance, to trick users into opening a malicious attachment.

Online banking ‘easy pickings’

The spread of such programs is intended to take advantage of the growth in online banking, presenting what criminals see as an easy target.

“The quality of the (online banking) applications and security controls on mobile platforms are still maturing and cybercriminals are seeing these as ‘easy pickings’,” said Trend security consultant Bharat Mistry.

Dyre infections rose 125 percent, from 4,000 in the fourth quarter of last year to 9,000 in the first quarter of this year, with the most infections – 39 percent – in the Europe, Middle East and Africa (EMEA) region, the security firm said on Tuesday.

North America followed with 38 percent, while the Asia-Pacific region had 19 percent of the recorded infections.

Dyre’s techniques for data theft include man-in-the-middle web browser attacks, taking browser screen-shots that are then sent back to the malware’s operators, and stealing security certificates and online banking credentials. Salesforce.com warned last year that the malware was targeting its customers.

The malware was found last summer to be targeting UK users.

In April, IBM reported that an experienced Eastern European criminal gang was using the malware along with sophisticated social engineering techniques, such as telephone lines with English-language operators, to target US organisations, with successful operations netting between $500,000 (£330,000) and $1.5 million per incident.

Europe targeted

Within Europe, the UK was the fourth worst hit by the latest spike, with nearly 9 percent of the region’s infections and more than 3 percent globally. France was Europe’s worst hit, at 34 percent, followed by Germany with 14.5 percent and Spain with 9 percent.

Asia-Pacific had the lowest proportion of infections but the highest volume of infected spam messages, at 44 percent of the total, with EMEA following at 39 percent and North America far behind at 17 percent, indicating that Asia-Pacific and EMEA seem to be particular targets, Trend Micro said.

The company said it detected a new Dyre variant that features a new downloader component capable of disabling firewalls and network-related security tools by modifying Windows registry entries and stopping related services. The variant also switches off Windows’ default anti-malware feature.

Trend urged users to be vigilant and to become familiar with their online banking policies in order to avoid being tricked by malicious emails.
