New Trojan Stealing Online Banking Data, Warns CERT-In

Advertisement
By Press Trust of India | Updated: 5 November 2014 17:32 IST
Cyber-security sleuths have alerted online banking customers in the country against the malicious activity of a deadly Trojan which steals classified data and passwords of a vulnerable user.

"It has been reported that variants of a new banking Trojan dubbed as 'Dyreza' are spreading. The malware mainly targets the customers of well-known financial institutions running Microsoft Windows operating system."

"It propagates by using social engineering techniques or by means of spam messages pretending to be genuine mail received from financial institution containing either a zip or pdf as an email attachment exploiting the vulnerability in unpatched versions of Adobe Reader to download the malware."

Advertisement

"The zip contains a self executing malware which installs itself on the target system on being extracted," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to users of online banking system.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

The agency said the malware is capable to wreak havoc into a secure system in a number of ways. The Trojan, an unauthorised programme which passively gains control over another system by representing itself as an authorised programme, steals infected bank customers' online banking credentials, can bypass secure protection settings using browser hijacking, can capture keystrokes, perform man-in-the-middle attack to intercept network traffic and communicate with command and control server, the agency said.

Once the spam mail is received by a bank customer, the agency said, it 'entices' the user to download and extract the zip file which then begins its destructive and stealing action.

Advertisement

The Trojan is categorised as 'deadly' as it can acquire as many as ten aliases to evade anti-virus updates.

The said malware performs by injecting malicious code in the web browsers including Chrome, Firefox, Internet Explorer, so that when infected user visits any of the banking sites their credentials are stolen.

Advertisement

The command traffic, after the Trojan is activated in the user network, is first redirected to the malicious server and then to the legitimate banking site thereby copying and stealing proprietary data, the advisory said.

The CERT-In has suggested some counter-measures to safeguard against this Trojan.

Advertisement

"Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats such as vbs, bat, exe, pif and scr files, set Internet and local intranet security zone settings to high, lock out accounts after number of incorrect login attempts."

"Also, limit or eliminate the use of shared or group accounts, do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date," it said.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Cyber Attack, Hacking, Internet, Trojan, malware
Advertisement

Related Stories

Popular Mobile Brands
  1. Best Mobiles Under Rs. 30,000 in India
  2. Amazon Prime Day 2026: Best Deals on Soundbars From JBL, and More
  1. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  2. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  3. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  4. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  5. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  6. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  7. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  8. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  9. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  10. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.