Update: As of June 25, reports are that these Mobile Banking Trojans are spreading rapidly. This infographic at MIT Tech Review summarizes the trend.
Even though police have thwarted Zeus and many of its variants by arresting those responsible, it appears that there are a growing number of malware contenders eager to steal your financial information.
Last week, we tweeted a warning from the @ITatUD twitter account about a new Remote Access Trojan (RAT) that targets your financial information in ways that the Zeus malware variants had done.
Called Pandemiya, this malware has probably been coded from scratch–a rarity in today’s malware environment–and has been written as modular code–implying that many different variants may be coming. (Source: ELi Marcus, New Pandemiya Trojan Emerges as Alternative to Zeus-based Variants, RSA Speaking of Security Blog, June 10, 2014)
New reports are surfacing of another RAT that also targets your financial information as Zeus variants had done. Discovered by the researchers at PhishME, Dyre (aka Dyreza) sneaks onto you machine as a hidden “trojan” with another file and then monitors your web browsing, springing into action when it senses you are going to a financial site: “By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality your traffic is redirected to the attacker’s page.” (Source: Ronnie Tokazowski; Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL; PhishME.com, June 13, 2014)
As of June 13, the only accounts at American banks Dyre was targeting are those at CitiGroup and Bank of America–but that can change. And Dyre also appears to have been coded from scratch.
Dyre and Pandemiya are both trojans, coming onto your system when you download a file that contains a hidden payload–the remote access malware that will monitor your web browsing and send your banking credentials to criminals for further bad acts.
Your best defense:
- Don’t download files or accept attachments to email unless the source is one your trust.
- Make sure you have McAfee VirusScan, Malwarebytes, or another anti-virus/anti-malware package on your computer and that it is set to scan all email attachments and downloaded files.
For more information, read the articles cited above or read Erica Chickowski’s post at darkreading.com: A Dyre New Banking Trojan (June 17, 2014).
It’s pretty clear that even with Zeus and its variants gone, that there will be plenty of criminals ready to continue the “crime-as-a-service ecosystem” that has claimed many victims.