Containing the Dyreza banking Trojan – also known as Dyre – the phishing emails pose as a follow-up email from a tax consultant, asking the user to urgently download an attached file in order to complete a financial transaction. A second email asks the user to attach files to verify financial and personal details, while a third email is also sent. Attached to the emails is an archive containing a malicious .exe file.
Dyre shares many similarities with the infamous Zeus malware. Catalin Cosoi, chief security strategist at Bitdefender describes the malware:
“It installs itself on the user’s computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service,” he continued, adding how “hackers inject malicious JavaScript code, allowing them to steal credentials and further manipulate accounts, all completely covertly.”
“If the user opens a banking web page, the malware will contact a malicious server and send it a compressed version of the web page. The server will then respond with the compressed version of the web page with malicious code added to it,” he said. “This altered web page is then displayed on the victim’s web browser. Its appearance remains exactly the same, but the added code harvests the victim’s login credentials”.
Phishing threat to businesses
Phishing emails are a major problem for companies, as staff are often unaware of the risks clicking on links or opening attachments from unknown senders.
It’s important to educate your staff so that they can spot and avoid phishing campaigns, significantly reducing the risk of a cyber attack on your organisation.
