As Microsoft continues to push Windows users towards adopting the latest version of the popular OS, malware authors have started adding support for it.
Heimdal Security researchers have recently found and analyzed a new variant of the widespread Dyre/Dyreza banking Trojan that includes support for Windows 10 and the ability to hook into Microsoft Edge, the new browser that's meant to eventually supplant Internet Explorer.
Apart from stealing data, Dyreza is also capable of downloading additional malware and of roping computer systems into a botnet. According to the researchers, some 80,000 machines are already infected with Dyreza worldwide, and the number is likely to increase.
This variant is meant to compromise a variety of Windows systems (Windows 7, XP, 8, 8.1, Vista, Vista SP1 and SP2, 10, and Win Server 2003), hook into various browsers (Chrome, Chromium, Firefox, IE, and Edge), and terminate a long list of processes associated with security software.
As in the past, the malware is usually delivered via the Upatre Trojan, which users are tricked into downloading from random spam emails.
“As it happens more and more often with financial malware, Dyreza is also a ‘Crime as a Service network’ that anyone can buy into,” the researchers noted.
“To make it even more appealing – and, consequently, financially viable – the makers have also predefined a group of targets in the code configuration file. The targets are typically online banking websites. All cyber criminals have to do is buy the malware and deploy it. This is how low-tech attackers can target more unsuspecting victims and harvest their financial information to get into their bank accounts, while malware creators reap the financial benefits of massively selling the malware kits.”
They also pointed out that the criminals have good timing, and have been pushing out this new strain just in time to compromise users’ computers as they are beginning to do their online shopping for the upcoming holidays.