New Malware Family Threatens UK’s Online Banking Users

Online banking customers in the UK are being attacked using a previously undocumented Remote Access Tool (RAT) malware family, codenamed “Dyre”.

The new strain was discovered by security researchers from PhishMe, who say it is used to steal login details, circumventing SSL encryption and two-factor authentication through a technique known as “browser hooking”.

Judging by the code, Dyre currently targets the customers of Citigroup, Bank of America, Royal Bank of Scotland and its subsidiaries NatWest and Ulster Bank.

Dyre straits

The infection starts with a phishing email, seemingly originating from a bank. It includes a link to an archive file, sometimes hosted on a legitimate cloud storage service. Once the user tries to open the file, the malware infects the system and starts communicating with a control server.

If the user then attempts to log into one of the popular online banking services, their data is sent to the attacker without setting off any alarm bells.

“Here’s the kicker. All of this should be encrypted and never seen in the clear. By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality your traffic is redirected to the attacker’s page,” explained Ronnie Tokazowski, senior researcher at PhishMe.

He added that the new malware is highly packed and obfuscated, which often prevents it from being detected by popular anti-virus solutions.

Peter Kruse from Danish security vendor CSIS noted that the new strain is similar to ZeuS, one of the most popular crimeware toolkits out there, and seems to be primarily targeting the UK.

“Our intel shows that the group behind these attacks is likely to push/distribute a new campaign as a ‘Flash Player update’,” he warned.

While the threat signatures are being exchanged, online banking users are advised to be extra careful with their emails and not click on suspicious links leading to archives or applications.


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
