HackDig : Dig high-quality web security articles for hacker

Dyreza Trojan Can Now Hook into Microsoft Edge, Enlist Windows 10 Users into Botnet

In the spring of 2014, researchers at the Center for Strategic and International Studies identified a powerful strain of banking malware whose code functions similarly to that of ZeuS. The malicious software, now formally known as Dyreza, hooks into Internet Explorer, Chrome and Firefox, at which point in time it harvests sensitive data whenever users visit t
Publish At:2015-11-30 04:05 | Read:3342 | Comments:0 | Tags:Cyber Security Featured Articles botnet Dyreza Heimdal Secur

New Dyre variant in the wild supports Windows 10 and Microsoft Edge

The developers of the Dyre banking Trojan have released a new version of the malware that includes support for Windows 10 and Microsoft Edge. The security firms Heimdal Security and F5 Networks have uncovered a new version of the Dyre (Dyreza) banking Trojan that includes support for Windows 10 and Microsoft Edge. The new vari
Publish At:2015-11-19 16:45 | Read:3699 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime Dyre Dyreza mal

A Technical Look At Dyreza

In a previous post we presented unpacking 2 payloads delivered in a spam campaign. A malicious duet – Upatre (malware downloader) and Dyreza (credential stealer). In this post we will take a look at the core of Dyreza – and techniques that it uses. Note, that Dyreza is a complex piece of malware and various samples come with various techniques
Publish At:2015-11-05 03:00 | Read:7605 | Comments:0 | Tags:Malware Analysis analysis dyreza malware

Unpacking Fraudulent “Fax”: Dyreza Malware from Spam

This post describes the process of unpacking a malware delivered in a spam campaign. The described sample has been delivered on 1 October 2015 at 17:33 CEST. E-mail content: Fragment of message headers: Received: from spamfilter.jpenergypartners.com (84.95.205.45.forward.012.net.il [84.95.205.45]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bit
Publish At:2015-10-19 14:50 | Read:3225 | Comments:0 | Tags:Malware Analysis dyreza spam

Dyreza Trojan Targeting IT Supply Chain Credentials

The Dyreza Trojan long ago ceased its exclusive focus on stealing banking credentials, and has been blamed for its part in attacks against Salesforce.com customers, webhosts and registrars, online retailers and many more. Researchers at Proofpoint today published new information that indicates the malware is now being used to phish credentials for the IT supp
Publish At:2015-09-30 02:30 | Read:2027 | Comments:0 | Tags:Malware Web Security banking trojan Dyre Dyreza Financial Fr

Crooks Use Hacked Routers to Aid Cyberheists

Cybercriminals have long relied on compromised Web sites to host malicious software for use in drive-by download attacks, but at least one crime gang is taking it a step further: New research shows that crooks spreading the Dyre malware for use in cyberheists are leveraging hacked wireless routers to deliver their password-stealing crimeware. Ubiquity Networ
Publish At:2015-06-29 21:00 | Read:2007 | Comments:0 | Tags:A Little Sunshine Latest Warnings Web Fraud 2.0 AirOS botnet

Microsoft Help File Malware Targets JPMorgan Chase Customers

A fresh malware sample was recently spotted using an attached Microsoft Compiled HTML (Help file) attached to spam messages. A Microsoft Help file is a binary file, which encompasses a set of HTML files; it usually has a .chm or .hlp extension. The malicious help file malware analyzed – a .chm file – arrived via spam email posing as coming from J
Publish At:2015-06-09 06:40 | Read:2349 | Comments:0 | Tags:Featured ThreatTrack Security Labs Vulnerabilities chm Dyre

Dyre Spambots Use JJencode to Broaden Distribution

January was a busy month for the developers of Dyre/Dyreza. The group reintroduced their Upatre link spam with some additional subterfuge. This article will explore two types of spambots that Dyre utilizes; the following diagram presents a simplified visual on how each type executes. Differences between two current Dyre spambots. Dyre bot operators have sta
Publish At:2015-02-10 01:45 | Read:3508 | Comments:0 | Tags:Featured ThreatTrack Security Labs Dyre Dyreza jjencoded spa

New DYRE Variant Hijacks Microsoft Outlook, Expands Targeted Banks

The DYRE/Dyreza banking malware is back with a new infection technique: we observed that it now hijacks Microsoft Outlook to spread the notorious UPATRE malware to target an expanded list of targeted banks. Last October 2014 we observed a hike in UPATRE-DYRE malware infections brought by the CUTWAIL spambot, a pattern we observed was similar to the propagati
Publish At:2015-01-30 14:50 | Read:3262 | Comments:0 | Tags:Malware banking malware DYRE Dyreza UPATRE

Spammers Accelerate Dyre Distribution

ThreatTrack Security Labs researchers continue to monitor the evolution of Dyre (aka Dyreza), the banking-credential-stealing Trojan that appears to be quickly filling the gap left by the takedown of GameOver Zeus. We reported earlier on how Dyre has been associated with malicious spam utilizing the Upatre downloader, and our researchers also cited how Dyre’s l
Publish At:2014-12-12 23:00 | Read:4918 | Comments:0 | Tags:Featured ThreatTrack Security Labs ADP Spam American Express

Dyre Recruiting CareerBuilder.com Users

Job seekers beware. A login-credential-stealing Trojan is trying to steal your email address and password when you access CareerBuilder.com. We recently reported on the evolution of Dyre as observed by ThreatTrack Security Labs. The latest developments to this data-stealing Trojan, also known as Dyreza, is an expanded list of targeted sites, including the ad
Publish At:2014-12-12 23:00 | Read:4134 | Comments:0 | Tags:Featured ThreatTrack Security Labs careerbuilder scam career

Bitstamp Users Targeted by Bitcoin Thieves

Earlier this month, ThreatTrack Security researchers observed the credential stealing Trojan, Dyre, adding Bitcoin wallet sites to its list of targets, including Bitstamp.net. Recently, the team spotted a malicious spam campaign directly targeting Bitstamp users. The message (see image below) misappropriates Bitstamp’s branding and claims “We would like to i
Publish At:2014-10-30 15:10 | Read:2767 | Comments:0 | Tags:ThreatTrack Security Labs Bitcoin bitstamp Dyre Dyreza spam

US-CERT Warns of Dyre Banking Trojan

The Department of Homeland Security formally sounded the alarm Monday on Dyre, the banking Trojan that’s been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late. The warning came in the form of an alert from the United States Computer Emergency Readiness Team (US-CERT) informing the public of th
Publish At:2014-10-28 16:15 | Read:2257 | Comments:0 | Tags:Malware Vulnerabilities Banking trojans DHS Dyre Dyreza malw

Dyre Hunts Bitcoin

The rapid evolution of Dyre (or Dyreza) continues, and this time it wants your Bitcoins. In September of 2014, the credential stealing Trojan, Dyre, was observed taking its game beyond targeting financial and banking institutions to pursue login data of Salesforce users. Then, in early October, researchers at Proofpoint reported on Dyre’s ability to download
Publish At:2014-10-16 14:35 | Read:3278 | Comments:0 | Tags:Featured ThreatTrack Security Labs Bitcoin Dyre Dyreza malwa

ITsecurity Daily News: 09/19/2014

ITsecurity Daily News: 09/19/2014 The ITsecurity daily security briefing: Friday, September 19, 2014. If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com. NewsPapers/Rep
Publish At:2014-09-20 00:50 | Read:9980 | Comments:0 | Tags:News Android CosmicDuke Dyre Dyreza encryption Home Depot Io
