
The Department of Homeland Security’s US-CERT Team issued an alert on Monday, warning of the ‘Dyre’ banking malware, which targets users’ banking credentials through spam and phishing campaigns.

“Elements of this phishing campaign vary from target to target, including senders, attachments, exploits, themes and payloads,” said the advisory. “Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware.”

According to US-CERT, the Dyre/Dyreza banking malware has the ability to capture user login information and send the captured data to malicious actors.

The advisory noted that phishing emails used in this campaign often contain a weaponized PDF attachment, which attempts to exploit vulnerabilities found in unpatched Adobe Reader versions.

Screenshot of phishing email.

If the attack is successful, the malicious banking trojan is downloaded onto the user’s system. The malware then copies itself under C:\Windows\[RandomName].exe and creates a service named “Google Update Service.”
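The two host indicators named above (a service called “Google Update Service” and an executable dropped directly under C:\Windows) are easy to hunt for. The following PowerShell script is an added example written for this article, not code from US-CERT or the advisory: it enumerates installed services, flags any whose name matches the advisory or whose binary sits directly in the Windows directory, and hashes the flagged binaries for a threat-intelligence lookup. It assumes it is run with administrator rights on the host being checked; the function name, the regular expression and the output fields are this example’s own choices.

```powershell
# Added hunting example (not from the US-CERT advisory or this article).
# Flags services whose name matches the "Google Update Service" name the
# advisory reports, or whose binary lives directly in C:\Windows as
# <anything>.exe. A hit is a lead for investigation, not proof of infection:
# legitimate Google updater services normally run from under Program Files.
# Assumption: run as an administrator on the host being checked.

$suspiciousDisplayName = 'Google Update Service'   # name quoted in the advisory
# Matches an .exe placed directly under the Windows directory (no subfolder),
# optionally quoted and optionally followed by command-line arguments.
$windowsRootExe = '^"?[A-Za-z]:\\Windows\\[^\\"]+\.exe"?(\s|$)'

function Test-DyreLikeService {
    param([Parameter(Mandatory)] $Service)   # one Win32_Service instance

    $reasons = @()
    if ($Service.DisplayName -eq $suspiciousDisplayName -or
        $Service.Name -eq $suspiciousDisplayName) {
        $reasons += 'service name matches the advisory'
    }
    if ($Service.PathName -match $windowsRootExe) {
        $reasons += 'binary sits directly in the Windows directory'
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Name        = $Service.Name
            DisplayName = $Service.DisplayName
            PathName    = $Service.PathName
            State       = $Service.State
            StartMode   = $Service.StartMode
            Reasons     = ($reasons -join '; ')
        }
    }
}

$hits = Get-CimInstance -ClassName Win32_Service |
    ForEach-Object { Test-DyreLikeService -Service $_ }

if ($hits) {
    $hits | Format-Table -AutoSize
    # Hash each flagged binary so it can be checked against threat intelligence.
    foreach ($h in $hits) {
        # Strip surrounding quotes and any arguments to recover the executable path.
        $exe = ($h.PathName -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        if (Test-Path -Path $exe) {
            Get-FileHash -Algorithm SHA256 -Path $exe | Select-Object Path, Hash
        }
    }
} else {
    'No services matched the Dyre indicators described in the advisory.'
}
```

Because the dropped file name is random, the path check keys on the location rather than the name; any service binary placed directly in the Windows root (rather than System32 or a vendor folder) is unusual enough to warrant a look, and the SHA-256 hash gives the analyst something concrete to compare against published indicators.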

US-CERT reported that the Dyre campaign has been active since mid-October and attempts to exploit vulnerabilities CVE-2013-2729 and CVE-2010-0188 in Adobe Reader and Acrobat. However, Adobe has already patched both vulnerabilities, and the fixes are available through software updates.

“This is a good example of how malicious cyber actors often reuse old tactics and techniques,” said the DHS National Cybersecurity and Communications Integration Center (NCCIC) advisory.

“This is also a good example of how important it is to follow best practices and install updates and patches for software applications as they become available.”
