Banking malware targets UK high street banks

RBanking malware targets UK high street banksesearchers report that cyber criminals have used spam servers to send 19,000 malicious emails to UK customers of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander in an attempt to steal bank login details.

Containing the Dyreza banking Trojan – also known as Dyre – the phishing emails pose as a follow-up email from a tax consultant, asking the user to urgently download an attached file in order to complete a financial transaction. A second email asks the user to attach files to verify financial and personal details, while a third email is also sent. Attached to the emails is an archive containing a malicious .exe file.

Dyre shares many similarities with the infamous Zeus malware. Catalin Cosoi, chief security strategist at Bitdefender describes the malware:

“It installs itself on the user’s computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service,” he continued, adding how “hackers inject malicious JavaScript code, allowing them to steal credentials and further manipulate accounts, all completely covertly.”

“If the user opens a banking web page, the malware will contact a malicious server and send it a compressed version of the web page. The server will then respond with the compressed version of the web page with malicious code added to it,” he said. “This altered web page is then displayed on the victim’s web browser. Its appearance remains exactly the same, but the added code harvests the victim’s login credentials”.

Phishing threat to businesses

Phishing emails are a major problem for companies, as staff are often unaware of the risks clicking on links or opening attachments from unknown senders.

Phishing Staff Awareness courseIt’s important to educate your staff so that they can spot and avoid phishing campaigns, significantly reducing the risk of a cyber attack on your organisation.

The 30-minute Phishing Staff Awareness Course is designed to educate your employees about phishing emails, including how they work and the tactics cyber criminals employ.

Protect your business with the Phishing Staff Awareness Course >>