The Trojan software was discovered by researchers investigating a phishing scam that was spreading via Dropbox. It is believed to be a completely new family of malware, similar to but sufficiently distinct from, the Zeus malware.Newly discovered RAT sneaks by SSL and steals victims' banking credentials, Named Dyre. Dyre has been designed to target certain banks in particular Bank of America, CitiGroup, NatWest, RBS and Ulsterbank.
According to Peter Kruse, partner and security specialist for CSIS Security Group, like many RATs on the black market, Dyreza is designed specifically to attack online banking customers.
"The target list has a specified set of targets which whenever visited will trigger some additional functions in the Trojan and harvest credentials"
This malware effectively bypasses SSL protections within the browser while stealing credentials.
This malware also currently doesn't appear to have advanced capabilities such as data encryption, many-to-one relationships with command and control infrastructure, or randomization of file names, Tokazowski told Dark Reading.
According to Tokazowski, given the lack of Zeus-like features and differences in network communication, there's a good chance the malware is based on a new code base. This is the second time in two weeks that researchers have claimed to have found new banking Trojan strains.
Few days back RSA reported the same about malware it called Pandemiya, though Kruse of CSIS claims that analysis by the security community has shown that it may have reused code from Gozi.
Tokazowski postulated that a new rash of RATs could be coming as a result of the recent GoZeus takedown.
