[SingCERT] Dyre Malware

Published on Friday, 17 April 2015 14:05

[ Background ]

Variants of Dyre (Dyreza) malware have been observed to be targeting the retail and banking customers. The malware spreads itself through phishing emails that contain malicious attachments.


[ Signs of Infection ]

  • Multiple requests to provide your login credentials even though the provided information is correct.
  • Altered or unusual login procedures to the iBanking website.


[ Impact ]

Sensitive login credentials are stolen.


[ Recommendations ]

  • Keep your system and software up-to-date.
  • Be careful when opening email attachments. If in doubt, do not open the attachment.
  • Never enter in the OTP code into any websites for financial transactions that you have never performed.
  • Install antivirus software and keep it up-to-date to protect your system.

Users may refer to GoSafeOnline to protect your systems.


[ References ]

http://www.dbs.com.sg/personal/deposits/security-and-you/default.page
https://pib.uob.com.sg/personal/ebanking/pib/security_advisory_malware_dyzera.html
https://www.sc.com/sg/dyre.html
http://www.analytics.sg/insights/insights-dyre_banking.html
https://www.us-cert.gov/ncas/alerts/TA14-300A
http://securityintelligence.com/dyre-banking-trojan-used-in-apt-style-attacks-against-enterprises/