Dyre Trojan Uses Its Own SSL Certificate

The developers of the Dyre Trojan seem to have improved its functionality. Dyre is a banking Trojan that now uses its own SSL certificate to communicate with its command and control (C&C) servers.
In a recent analysis of a sample, security researchers discovered that the malware uses a digital certificate issued by Internet Widgits Pty Ltd. Communication with the remote servers takes place over ports 443 and 4443.

By using its own certificate for communication, the new Dyre variant makes it much harder for security solutions to recognize the traffic as malicious.
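
The two indicators reported above (the issuer organization and the two ports) can be turned into a hunting query over TLS metadata. The following is an added example, not code from the article or from the researchers; the JSON field names (`src`, `dst`, `dst_port`, `issuer`) are hypothetical and the sample records are constructed.

```python
import json
from collections import defaultdict

# Issuer organization named in the article. It is also the default
# organizationName in OpenSSL's stock openssl.cnf, so benign self-signed
# test servers carry it too: a hit is a hunting lead, not a verdict.
ISSUER_ORG = "Internet Widgits Pty Ltd"
C2_PORTS = {443, 4443}  # ports the article reports for C&C traffic

def parse_dn(dn):
    """Parse a comma-separated DN string into {ATTR: value}, honouring backslash escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    attrs = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            attrs[key.strip().upper()] = value.strip()
    return attrs

def hunt(log_lines):
    """Map (server, port) -> sorted list of clients that were shown a matching certificate."""
    hits = defaultdict(set)
    for line in log_lines:
        rec = json.loads(line)
        org = parse_dn(rec.get("issuer", "")).get("O")
        if rec.get("dst_port") in C2_PORTS and org == ISSUER_ORG:
            hits[(rec["dst"], rec["dst_port"])].add(rec["src"])
    return {server: sorted(clients) for server, clients in hits.items()}

# Constructed sample records: documentation IP ranges, hypothetical field names.
SAMPLE = [
    '{"src":"10.0.0.5","dst":"203.0.113.7","dst_port":4443,"issuer":"CN=srv,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"}',
    '{"src":"10.0.0.9","dst":"203.0.113.7","dst_port":4443,"issuer":"O=Internet Widgits Pty Ltd,C=AU"}',
    '{"src":"10.0.0.5","dst":"198.51.100.2","dst_port":443,"issuer":"CN=Example CA,O=Example Trust\\\\, Inc.,C=US"}',
    '{"src":"10.0.0.7","dst":"192.0.2.10","dst_port":8443,"issuer":"O=Internet Widgits Pty Ltd,C=AU"}',
]
print(hunt(SAMPLE))
```

Grouping by server shows which internal clients to examine first when a match turns up.
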
The new version of Dyre steals browser data and lists the programs installed on the victim's computer.
In the latest variant, there is also a feature called “browsersnapshot.” It is responsible for collecting browser data such as cookies, client-side certificates, and Windows private keys from the certificate store, as well as from Firefox's certificate database.

It also lists all installed programs as well as running services. This is done to make attacks more effective.

As for the commands and targets, the Trojan downloads them from the C&C server. This makes the malware a very flexible tool in the hands of cybercriminals, as they can add or remove targets and commands as needed.

For the record, the malware was created specifically to steal users' banking information and originally targeted Bank of America, Citigroup, Royal Bank of Scotland, Ulster Bank and NatWest.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
