Windows 10 and Edge now targeted by Dyreza password-stealing, botnet-binding malware
A new variant of the nasty banking malware Dyreza has been updated to target Windows 10 and the Microsoft Edge web browser, just in time for the deluge in online shopping traffic expected this weekend on Black Friday and Cyber Monday.
Dyreza, which is offered as a software criminals can buy to attack companies with, has previously been used to steal millions of dollars from numerous companies via wire transfer by launching well-timed Distributed Denial of Service (DDoS) attacks and social engineering attacks, according to research from IBM.
According to security firm Heimdal Security, the malware attacks Internet Explorer, Mozilla Firefox and Google Chrome, but now it is adding Microsoft's new and super-secure Edge browser to its conquests.
The malware is sent out via email to as many random users as possible in a "spray and pray" campaign, and if the user opens the email attachment, the malware installs itself using an downloader called "Upatre".
After the malware is installed, it sinks its claws into the user's web browser and drains all sensitive information and passwords stored in the browser. Then after it's done, the malware then binds the affected computer into a botnet.
Heimdal Security says that 80,000 computers in the world are currently infected by the malware, and that Dyreza is flourishing because most anti-virus software are unable to detect its existence.
"Besides including support for Windows 10 and Microsoft Edge, this Dyreza strain has also developed a new module: 'aa32' (x86) for 32 bit or "aa64" (x64) for 64-bit. This module is used by attackers to terminate a long list of processes associated with security software. The module injects itself in 'spoolsv.exe' and continuously tries to implement 'kill processes'," Heimdal Security's Andra Zaharia writes in a blog post.
"The timing of this new strain is just right as well: the season for Thanksgiving, Black Friday and Christmas shopping is ready to start, so financial malware will be set to collect a huge amount of financial data. Users will be busy, prone to multitasking and likely to choose convenience over safety online."
So what can you do to avoid problems when shopping online this Black Friday? For one, don't save important passwords for online banking or PayPal in your web browser, and never, ever, open email attachments. For more tips, check out our Black Friday 2015: How to stay safe shopping online for Christmas bargains guide.
© Copyright IBTimes 2024. All rights reserved.