Shortly after online banking customers in the UK were warned of a major phishing campaign using the notorious Dyre malware designed to steal financial data, the malware has resurfaced in a new iteration for the holiday season.
Customers of Barclays, Santander and Lloyds TSB were being targeted by the trojan malware. Nearly 20,000 malicious emails were sent, each posing as a message from a tax consultant and containing an infectious .exe file. The file acts as a downloader that fetches and executes the Dyre banking trojan when opened.
Follow-up emails then urge victims to attach financial documentation and verify its authenticity. The malware has also been found in the US and Germany. Customers of Bank of America, Deutsche Bank and PayPal are all thought to have been affected by the most recent attack.
However, as Europeans head to the beaches of Spain this summer, the cybercriminals behind the highly successful Dyre malware are not taking a break. In fact, they are turning up the heat and have set their sights on 17 Spanish banks, and several European banks’ Spain-based subsidiaries.
IBM Security X-Force researchers were able to analyze a new Dyre Trojan configuration file that followed the release of a new Dyre build. This is the first configuration that targets such a large number of Spanish banks. Previous versions only included three or five Spain-based banks on the victim roster, likely as a way to test the waters before moving to a more aggressive phase.
The analysis reveals that Dyre’s developers have expanded the capabilities and reach of the malware by updating its webinjections to match the new banks they are targeting in Spain. On top of its Spanish targets, the Dyre gang sees opportunities in other Spanish-speaking countries beyond Spain, attacking in Chile, Colombia and Venezuela. This is hardly surprising given that Spanish is the second most spoken language in the world.
Dyre is not new in Europe. It already targets banks all over the European continent, unsurprisingly leaving out only Russia and the former Soviet Union region. Within Europe, Dyre infection rates in Spain are ranked third after the UK and France.
In numbers, Spanish companies recorded losses of €14 billion from cybercrime in 2014. The recent cybercrime news from Spain features the arrest of a gang that managed to amass €2 million in fraudulent premium number phone calls from stolen phones and SIM cards.
IBM has appropriately shared the new Dyre information to help prepare and protect targeted banks against the heightened security risk.