Since its first appearance in June 2014, the Dyre Trojan has reportedly been used in a succession of phishing campaigns across the globe, including attacks against major brand names such as the Royal Bank of Scotland, Citigroup, JPMorgan Chase, and Bank of America. The target list now includes more than 100 banks, with new banks being targeted on a weekly basis.
The Dyre Trojan has created industry-wide concern.
At the heart of the Trojan’s successful man-in-the-middle (MitM) attacks is a technique called “browser hooking”.
This technique allows the malware operators to route unsuspecting customers to fake banking websites, where their PCs are infected with malware and the users are tricked into surrendering their login credentials. The stolen credentials are then used to conduct an account takeover (ATO) from a spoofed device, through a proxy, or directly from the infected PC using remote access tools.
Attempts to stop Dyre attacks with traditional fraud controls (antivirus, authentication, statistical risk engines, and device IDs) have proven ineffective.