Dyre In-Depth: Server-Side Webinjects, I2P Evasion, and Sophisticated Encryption

Dyre is one of the most sophisticated banking malware agents in the wild.
April 12, 2015
2 min. read

Dyre is one of the most sophisticated banking and commercial malware agents in the wild. This trojan uses fake login pages, server-side webinjects, and modular architecture to adapt to the victim. This in-depth report looks at the entire fraud flow and its capabilities.

Dyre is a relatively new banking Trojan, first seen at the beginning of 2014. It soon emerged as one of the most sophisticated banking and commercial malware families in the wild. Although it mainly targets online banks, it steals other types of credentials as well. Dyre uses many new techniques, such as completely fake login pages, server-side webinjects, and a modular architecture. The level of sophistication and the constant upgrading of its capabilities suggest that it is here to stay.

Many have written about this new threat. However, few have succeeded in covering the entire fraud flow and all of its capabilities.

Just like most other malware, Dyre spreads via phishing campaigns. The infection process has several stages. First, the victim receives an email, similar to the template above, containing an attachment. Once the victim opens the attachment, he or she unknowingly executes the "Upatre" malware downloader. It then downloads and infects the machine with the actual Dyre malware. In the last stage, the malware uses a spamming tool to send similar emails and continue spreading.

Attackers use several methods to evade security solutions and researchers. Dyre constantly changes its "packing", a technique that rewrites the binary code without changing its functionality, so that the sample is neither recognizable to signature-based detection nor readable to analysts.
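Because repacking defeats static signatures, defenders commonly fall back on heuristics that do not depend on the exact bytes. One such heuristic is byte entropy: packed or encrypted code looks close to random (near 8 bits per byte), while ordinary compiled code and strings sit well below that. The following is an added example, not code from the article or from its authors; the 7.0-bit cutoff, the section names, and the sample buffers are constructed for illustration and are not values taken from a Dyre sample.

```python
"""Entropy heuristic for spotting packed or encrypted regions in a binary.

Added example. The threshold and the sample data below are assumptions
chosen for illustration; tune the cutoff against your own corpus.
"""
from __future__ import annotations

import math
import random
from collections import Counter

# Assumed heuristic cutoff: x86 code and text usually score 4.5-6.5 bits/byte,
# compressed or encrypted payloads usually score above 7.0.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """True when the region's entropy is at or above the packed cutoff."""
    return shannon_entropy(data) >= threshold


def scan_sections(sections: dict[str, bytes]) -> dict[str, tuple[float, bool]]:
    """Score each named section (e.g. PE sections) and flag suspicious ones.

    Returns {name: (entropy rounded to 2 places, flagged)}.
    """
    return {
        name: (round(shannon_entropy(blob), 2), looks_packed(blob))
        for name, blob in sections.items()
    }


def high_entropy_windows(data: bytes, window: int = 1024,
                         threshold: float = PACKED_THRESHOLD) -> list[int]:
    """Offsets of fixed-size windows whose entropy crosses the cutoff.

    Useful on a raw blob with no section table, e.g. a dropped file or a
    memory dump, to locate an embedded encrypted payload.
    """
    return [
        off for off in range(0, len(data), window)
        if looks_packed(data[off:off + window], threshold)
    ]


# --- Constructed sample inputs (not real malware bytes) -------------------
_rng = random.Random(1234)
# Repeated readable text: low entropy, like a .rdata section full of strings.
PLAIN_TEXT = b"This program cannot be run in DOS mode.\r\n" * 50
# Pseudo-random bytes: high entropy, what a packed/encrypted section looks like.
RANDOM_LIKE = bytes(_rng.getrandbits(8) for _ in range(4096))
# A blob with a high-entropy payload sitting in the middle of ordinary data.
MIXED_BLOB = PLAIN_TEXT + RANDOM_LIKE + PLAIN_TEXT

SAMPLE_SECTIONS = {".text": PLAIN_TEXT, ".rsrc": RANDOM_LIKE}


if __name__ == "__main__":
    for name, (score, flagged) in scan_sections(SAMPLE_SECTIONS).items():
        print(f"{name:8} entropy={score:.2f} packed={flagged}")
    print("suspicious window offsets:", high_entropy_windows(MIXED_BLOB))
```

The heuristic is deliberately coarse: legitimate compressed resources (icons, embedded archives) also score high, so it is a triage signal to be combined with other indicators rather than a verdict on its own.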

Authors & Contributors
Anna Dorfman (Author)
Avi Shulman (Author)
Security Researcher