Dyreza malware moving from stealing financial information to stealing customer information

  • Team Omega
  • September 11, 2014

When the Dyreza (Dyre) malware was first discovered in June of 2014, it was known to attack large financial institutions such as Citibank, Bank of America, RBS and Ulsterbank. The primary target then was the UK. The code in this malware was designed to embed itself as soon as a user contacted one of the targets specified in it.

Another variation of the same malware is now out, targeting Salesforce and other cloud services, according to Corporate espionage. The focus of this malware is on credentials and information from any Web site. The chief security officer and founder of the firm Adallom mentioned that it’s unclear whether the criminals see a legitimate market in corporate customer information or if the data is just another way to better steal money from bank accounts.

“Since the package contains a list of URLs being targeted, it looks like the creators of this variant simply added salesforce.com URLs to the target list because it was easy—but unlike banking credentials, we’re not currently aware of any cyber crime stores selling salesforce.com credentials, which is a telling indicator.”

Salesforce.com reportedly sent out an alert to its customers to warn them of the malware, saying that none of its customers have been attacked so far.