As Europeans head to the beaches of Spain this summer, the cybercriminals behind the highly successful Dyre malware are not taking a break. In fact, they are turning up the heat and have set their sights on 17 Spanish banks, and several European banks’ Spain-based subsidiaries. IBM Security X-Force researchers were able to analyze a new Dyre Trojan configuration file that followed the release of a new Dyre build. This is the first configuration that targets such a large number of Spanish banks. Previous versions only included three or five Spain-based banks on the victim roster, likely as a way to test the waters before moving to a more aggressive phase.
The analysis reveals that Dyre’s developers have expanded the capabilities and reach of the malware by updating its webinjections to match the new banks they are targeting in Spain. On top of its Spanish targets, the Dyre gang sees opportunities in other Spanish-speaking countries, attacking in Chile, Colombia and Venezuela. This is hardly surprising given that Spanish is the second most spoken language in the world.
Dyre is not new in Europe. It already targets banks all over the European continent, unsurprisingly leaving out only Russia and the former Soviet Union region. Within Europe, Dyre infection rates in Spain are ranked third after the UK and France.
SC Magazine on how Dyre malware rose to the top of the financial malware threat list:
Dyre malware, which quickly emerged as one of the most prominent financial trojans following the Gameover Zeus botnet takedown last June, is still steadily making its mark in the underground market – and in victims’ accounts – prompting researchers to deem the threat a malicious tool successfully, though likely temporarily, filling the void of Zeus.
On Tuesday, Symantec released a whitepaper (PDF) on Dyre and its impact on the financial fraud landscape, noting that the malware targets all three major browsers (Internet Explorer, Firefox, and Chrome), and that it has been configured to target customers at more than 1,000 banks and other firms around the globe. Users in the U.S. and UK have primarily been targeted by the trojan, Symantec added in a blog post covering its research.