Dyreza Banking Trojan evades sandboxes by checking available processors

The seculert team has provided information about a new type of Dyreza banking trojan which has evolved with a piece of code which allows it to check for Sandbox environment, and if a sandbox environment is detected it will terminate immediately. The Dyreza banking trojan checks if it is being run in a sandbox environment by looking for the amount of processors which are active. If it detects that only one processor is running, it will send an command to terminate the Dyreza banking trojan.

The cybercriminals have updated the banking trojan with this function to evade cyber security professionals which are analyzing the Dyreza banking trojan in sandbox environments like Cuckoo Sandbox.

Share This Message