Dyre Banking Malware Surges In Europe

Infections of the Dyre banking malware rose sharply in the first quarter of 2015, with Europeans among the most targeted, according to new figures from Trend Micro.

The rise in infections followed a spam campaign to spread the malware, using English-language messages warning of rising VAT rates, for instance, to trick users into opening a malicious attachment.

Online banking ‘easy pickings’

The spread of such programs is intended to take advantage of the growth in online banking, presenting what criminals see as an easy target.

“The quality of the (online banking) applications and security controls on mobile platforms are still maturing and cybercriminals are seeing these as ‘easy pickings’,” said Trend security consultant Bharat Mistry.

Dyre infections rose 125 percent, from 4,000 in the fourth quarter of last year to 9,000 in the first quarter of this year, with the most infections – 39 percent – in the Europe, Middle East and Africa (EMEA) region, the security firm said on Tuesday.

North America followed with 38 percent, while the Asia-Pacific region had 19 percent of the recorded infections.

Dyre’s techniques for data theft include man-in-the-middle web browser attacks, taking browser screenshots that are then sent back to the malware’s operators, and stealing security certificates and online banking credentials. Salesforce.com warned last year that the malware was targeting its customers.

The malware was found last summer to be targeting UK users.

In April, IBM reported that an experienced Eastern European criminal gang was using the malware along with sophisticated social engineering techniques, such as telephone lines with English-language operators, to target US organisations, with successful operations netting between $500,000 (£330,000) and $1.5 million per incident.

Europe targeted

Within Europe, the UK was the fourth worst hit by the latest spike, with nearly 9 percent of the region’s infections and more than 3 percent globally. France was Europe’s worst hit, at 34 percent, followed by Germany with 14.5 percent and Spain with 9 percent.

Asia-Pacific had the lowest proportion of infections but the highest volume of infected spam messages, at 44 percent of the total, with EMEA following at 39 percent and North America far behind at 17 percent, indicating that Asia-Pacific and EMEA seem to be particular targets, Trend Micro said.

The company said it detected a new Dyre variant that features a new downloader component capable of disabling firewalls and network-related security tools by modifying Windows registry entries and stopping related services. The variant also switches off Windows’ default anti-malware feature.

Trend urged users to be vigilant and to become familiar with their online banking policies in order to avoid being tricked by malicious emails.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
