Dyre Wolf Banking Malware Steals More Than $1 Million

A new, coordinated attack based on a variant of the Dyre banking malware is responsible for stealing more than $1 million from corporations. The new campaign was discovered by IBM Security researchers, who are calling the attack "The Dyre Wolf." The campaign has added elements of social engineering designed to defeat security measures such as two-factor authentication.

Dyre is a Trojan that first made its appearance last year in a series of phishing attacks against large banks such as Citigroup, JPMorgan Chase, and Bank of America. Since its debut, the Trojan has grown more sophisticated and easier to use, making it even more dangerous to the corporations it targets.

Long-Term Attacks, High Return on Investment

The Dyre Wolf attack begins when an e-mail containing the Upatre malware is sent to an employee of the targeted enterprise. Once the e-mail is opened, Upatre installs itself on the enterprise network and opens a connection to the attacker, who can then install the Dyre Trojan.

From there, Dyre can alter the response from a bank's Web site to include instructions to users to call the bank at a number used by the attacker. The attacker then cons the user into providing authentication information that the attacker can then use to initiate a wire transfer from the victim's account to several offshore accounts.

The attacker finishes the attack by mounting a distributed denial-of-service attack that prevents anyone from investigating the wire transfer until it has already been completed.

The attack is being conducted by an experienced cybercrime organization with significant resources at its disposal, according to IBM security researchers. "As we continue to see, cybercriminals grow in resourcefulness and productivity at alarming rates," John Kuhn, senior threat researcher at IBM, wrote in a blog post. "They are sharing expertise on a global scale via...
