eScan, one of the leading Anti-Virus and Content Security Solution providers, warns users about online banking data theft. According to reports, a new banking Trojan named ‘Dyreza’ is targeting online bankers by stealing their credentials. This malware mainly targets customers of well-known financial institutions using Internet Explorer, Google Chrome and Firefox browsers.
Dyreza or Dyre is delivered through a phishing campaign, says US-CERT. These phishing emails supposedly coming from banking or financial institutions include a malicious Zip or PDF document, which when extracted installs itself on the target system. These malicious PDF attachments take advantage of unpatched versions of Adobe Reader, i.e. it tries to exploit vulnerability in Adobe Reader to get itself installed on the targeted system.
Once the phishing email is received by an online banking customer, it entices him/her to download and extract the Zip file which then begins its destructive and stealing action. By using Dyreza banking malware, attackers can steal credentials used for online services, including banking services. They can bypass secure protection settings using browser hijacking, capture keystrokes, control browser traffic, perform man-in-the-middle attack and also communicate with command and control server.
With the advantage of reading all the encrypted traffic between targeted user’s browser and financial institutions’ servers, attackers can also try to bypass 2-factor authentication. Moreover, by controlling browser traffic, attackers can re-direct targeted users to the malicious banking site instead of the legitimate banking site with the aim of copying and stealing banking confidential and sensitive data.
US-CERT recommends users to follow basic security steps to safeguard against this malware. Users must configure their email server to block email that contains malicious file attachments that are commonly used to spread threats such as .vbs, .bat, .exe, .pif and .scr files.
Moreover, eScan recommends following preventive measures that will save you from falling prey to such attacks.
- Update your system with the latest antivirus software that protects your system from all kinds of Malware attacks.
- Enable firewall in your PC to ensure that you are secure on local networks and the Internet.
- Identify phishing emails, such mails are filled with countless grammatical errors and are often written in awkward English.
- Never respond to emails or messages from unknown sender that has ‘undisclosed recipients’ in the address line.
- Do not click on the link mentioned in the email, if required type it in another browser tab to see what it contains.
- If at all you happen to click such a link and see a request for your banking credentials or other details for any kind of verification or updating purpose, do not enter your personal or financial information.
- Never provide information related to your credit card, bank account numbers or passwords to any unknown site or a fake site.
