Security specialists believe TrickBot, the newest strain of malware hitting Australian banks, looks a lot like Dyre, one of the most aggressive Trojans to target the financial market.
Through man-in-the-middle attacks launched weekly, Dyre manipulated web sites to meddle with the communication between more than 400 financial institutions and their customers, causing hundreds of millions of dollars in damage. Royal Bank of Scotland, Bank of America and JP Morgan Chase are among the victims of phishing campaigns launched using Dyre.
25th Floor, a film production and distribution company in Moscow, was raided in November of last year, in a probe believed associated with the attacks, according to Reuters, but “a direct link between the program’s shutdown and the raid could not be determined.” However, the attacks stopped after the raid. Before Russian authorities stopped the operation, Dyre was a big threat because traditional security solutions often failed to protect the victims from infection.
25th Floor had allegedly been working on a movie about cybercrime with a plot similar to a cyberattack in 2010. In the movie, hackers used a malware strain similar to Dyre. Following investigations, Russian authorities said “25th Floor was allegedly involved in distributing the notorious password-stealing malware known as Dyre Banking Trojan.”
As shown by recent events in Australia, the new type of malware, sharing significant similarities in code with Dyre, is aggressively attacking banks. Specialists believe TickBot might even be a Dyre upgrade, but it’s more likely that the developers involved in creating Dyre are behind the new attacks.