Banking customers in the UK are once again being targeted by cybercriminals, as a new threat dispatched 19,000 spam emails in just a three-day period.
This is the warning from security experts Bitdefender, which said that the malicious emails invite users to download an archive containing a malicious .exe file.
Trend Micro warned last month that infections of the Dyre banking malware have risen sharply in the first quarter of 2015, with Europeans among the most targeted.
And now in the latest campaign, Bitdefender said that 19,000 customers of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander have been targeted. In the US, clients of Bank of America, Citibank, Wells Fargo, JP Morgan Chase and PayPal may have been exposed to theft. German banking customers have also been targeted.
The way it works is that the banking customer gets an email that poses as a follow-up email from a tax consultant. The message asks the user to urgently download the attached archive and provide information to complete a financial transaction.
Another spam email pretends to attach financial documentation and asks the user to verify its authenticity. A third spam email warns the recipient of penalties imposed on his or her company, with an invitation to the business owner to see ‘the administrative determination.’
“First seen in 2014, Dyre is very similar to the infamous Zeus,” said Catalin Cosoi, Chief Security Strategist at Bitdefender. “It installs itself on the user’s computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service. Through a man-in-the-browser attack, hackers inject malicious Javascript code, allowing them to steal credentials and further manipulate accounts, all completely covertly.”
“If the user opens a banking web page, the malware will contact a malicious server and send it a compressed version of the web page,” said Cosoi. “The server will then respond with the compressed version of the web page with malicious code added to it. This altered web page is then displayed on the victim’s web browser. Its appearance remains exactly the same, but the added code harvests the victim’s login credentials.”
Dyre is a well-known banking trojan. Its techniques for data theft include man-in-the-middle web browser attacks, taking browser screenshots that are then sent back to the malware’s operators, and stealing security certificates and online banking credentials. Salesforce.com warned last year that the malware was targeting its customers.
The malware was found last summer to be targeting UK users.
In April, IBM reported that an experienced Eastern European criminal gang was using the malware along with sophisticated social engineering techniques, such as telephone lines with English-language operators, to target US organisations, with successful operations netting between $500,000 (£330,000) and $1.5 million per incident.