New Trojan Stealing Online Banking Data, Warns CERT-In

Advertisement
By Press Trust of India | Updated: 5 November 2014 17:32 IST
New Trojan Stealing Online Banking Data, Warns CERT-In
Cyber-security sleuths have alerted online banking customers in the country against the malicious activity of a deadly Trojan which steals classified data and passwords of a vulnerable user.

"It has been reported that variants of a new banking Trojan dubbed as 'Dyreza' are spreading. The malware mainly targets the customers of well-known financial institutions running Microsoft Windows operating system."

"It propagates by using social engineering techniques or by means of spam messages pretending to be genuine mail received from financial institution containing either a zip or pdf as an email attachment exploiting the vulnerability in unpatched versions of Adobe Reader to download the malware."

"The zip contains a self executing malware which installs itself on the target system on being extracted," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to users of online banking system.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

Advertisement

The agency said the malware is capable to wreak havoc into a secure system in a number of ways. The Trojan, an unauthorised programme which passively gains control over another system by representing itself as an authorised programme, steals infected bank customers' online banking credentials, can bypass secure protection settings using browser hijacking, can capture keystrokes, perform man-in-the-middle attack to intercept network traffic and communicate with command and control server, the agency said.

Once the spam mail is received by a bank customer, the agency said, it 'entices' the user to download and extract the zip file which then begins its destructive and stealing action.

Advertisement

The Trojan is categorised as 'deadly' as it can acquire as many as ten aliases to evade anti-virus updates.

The said malware performs by injecting malicious code in the web browsers including Chrome, Firefox, Internet Explorer, so that when infected user visits any of the banking sites their credentials are stolen.

Advertisement

The command traffic, after the Trojan is activated in the user network, is first redirected to the malicious server and then to the legitimate banking site thereby copying and stealing proprietary data, the advisory said.

The CERT-In has suggested some counter-measures to safeguard against this Trojan.

"Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats such as vbs, bat, exe, pif and scr files, set Internet and local intranet security zone settings to high, lock out accounts after number of incorrect login attempts."

"Also, limit or eliminate the use of shared or group accounts, do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date," it said.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cyber Attack, Hacking, Internet, Trojan, malware
Advertisement

Related Stories

Popular Mobile Brands
  1. Here's How Much the Vivo X Fold 5 and Vivo X200 FE Might Cost in India
  2. Tecno Pova 7 5G, Pova 7 Pro 5G Launched in India: Price, Availability
  3. OTT Releases This Week: Kaalidhar Laapata, Thug Life, The Good Wife, and More
  4. YouTube Targets Repetitive Videos in New Monetisation Update
  5. NxtQuantum Arrives as Made in India Mobile OS, to Debut on Its AI+ Phones
  1. Mivi AI Buds TWS Earphones Launched in India With In-Built AI Assistant
  2. Samsung Galaxy Z Fold 7, Galaxy Z Flip 7 First-Party Cases and Screen Protectors Leaked: See Colours
  3. Nvidia Briefly on Track to Become World's Most Valuable Company Ever
  4. iQOO 13 Green Colour Variant Launched in India: Check Price, Availability
  5. Meta Poaches CEO of Ilya Sutskever's Startup in AI Talent War
  6. Google's AI Overviews Hit by EU Antitrust Complaint From Independent Publishers
  7. Baidu’s MuseStreamer AI Video Generation Model Takes on Google’s Veo 3 With Native Audio Support: Report
  8. Chinese Sales of Foreign Phone Makers, Including Apple's iPhone, Drop 9.7 Percent in May
  9. Huawei Watch Fit 4, Watch Fit 4 Pro Launched in India With In-Built GPS, Up to 10 Days of Battery Life
  10. YouTube to Revise Monetisation Policy to Target Mass-Produced and Repetitive Content
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.