Dyreza banking trojan

Cybercriminals are using the DYREZA banking trojan in an ongoing campaign.

The cybercriminals behind the campaign are using crafted malicious ‘Flash Player Update’ schemes to install the DYREZA banking trojan on the devices of the following banks:

  • Bank of America
  • NatWest
  • Citibank
  • RBS
  • Ulster Bank

The CSIS team has researched the DYREZA banking trojan and explains that its code is designed to work just like the ZeuS banking trojan. DYREZA is able to perform ‘hooking’ on Internet Explorer, Google Chrome, and Firefox. According to the team, the malware is able to harvest data at any selected and connected state.

The malware is being delivered to unsuspecting users via the following known campaigns:

  • Your FED TAX payment ID [random number]
  • RE: Invoice #[Random number]
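
A mail-filter check for the two lures listed above, as an added example that is not part of the original article or of the CSIS research. It assumes the lures are e-mail subject lines and that "[random number]" is a run of decimal digits; the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Patterns built from the two lures listed in the article.
# Assumption: the "[random number]" placeholder is a run of decimal digits.
LURES = {
    "fed_tax_payment": re.compile(r"^your fed tax payment id\s*\d+$", re.I),
    "invoice_reply": re.compile(r"^(?:re:\s*)+invoice\s*#\s*\d+$", re.I),
}

def normalized_subject(raw_message: str) -> str:
    """Decode RFC 2047 encoded-words, unfold the header, collapse whitespace."""
    msg = message_from_string(raw_message)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    return " ".join(subject.split())

def match_lure(raw_message: str):
    """Return the name of the matching lure pattern, or None if none matches."""
    subject = normalized_subject(raw_message)
    for name, pattern in LURES.items():
        if pattern.match(subject):
            return name
    return None

# Constructed sample messages (not real captures).
SAMPLES = [
    # Subject folded across two header lines
    "From: a@example.test\nSubject: Your FED TAX payment\n ID 48213907\n\nbody\n",
    # Subject sent as a MIME encoded-word: "RE: Invoice #7734512"
    "From: b@example.test\nSubject: =?utf-8?Q?RE=3A_Invoice_=237734512?=\n\nbody\n",
    # Benign reply that only shares the "RE: Invoice" prefix
    "From: c@example.test\nSubject: RE: Invoice question for next week\n\nbody\n",
    # Message without a Subject header
    "From: d@example.test\n\nbody\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(normalized_subject(raw)), "->", match_lure(raw))
```

Matching on the decoded and unfolded subject matters because a filter that compares the raw header text would miss the second sample entirely.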