Dyre banking Trojan infections more than doubled

“Cybercriminal interest in online banking continues to grow, and crooks wielding the Dyre/Dyreza banking Trojan continue spewing out spam emails delivering a new variant of the malware.

“There has been a 125% increase of Dyre-related infections worldwide this quarter compared to the last,” Trend Micro researchers have noted. “Roughly 7 in 10 users infected during the last three months came from the European (39% of the total count) and North American (38%) regions. Asia Pacific came in third, with 19% of the infections.”

In early May, there was a considerable spike in these spam emails targeting the APAC region.

“We looked closely at the financial institutions whose URLs were contained in the Dyre malware samples. We noted URLs associated with several multinational banks, including their varied country branches, divisions, and the like,” the researchers shared.

As before, Dyre is not delivered directly via email. Instead, the malicious attachments hold the Upatre downloader, which then downloads Dyre.

Upatre also got updated, and this newer versions have the ability to disable firewall/network related security by modifying some registry entries and via stoppage of related services, and to disable Windows’ default anti-malware feature (Windows Defender).

The emails delivering the malware try to scare users into opening the attached file by claiming that the recipients’ tax payments have doubled.

So far, they have been mostly in English, but Trend Micro expects more regionalized messages in the future, as the attackers are looking to expand globally.”