New Trojan stealing online banking data, warns CERT-In
New Delhi: Cyber-security sleuths have alerted online banking customers in the country against the malicious activity of a deadly Trojan which steals classified data and passwords of a vulnerable user.
"It has been reported that variants of a new banking Trojan dubbed as 'Dyreza' are spreading. The malware mainly targets the customers of well-known financial institutions running Microsoft Windows operating system."
"It propagates by using social engineering techniques or by means of spam messages pretending to be genuine mail received from financial institution containing either a zip or pdf as an email attachment exploiting the vulnerability in unpatched versions of Adobe Reader to download the malware."
"The zip contains a self executing malware which installs itself on the target system on being extracted," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to users of online banking system.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
The agency said the malware is capable to wreak havoc into a secure system in a number of ways. The Trojan, an unauthorised programme which passively gains control over another system by representing itself as an authorised programme, steals infected bank customers' online banking credentials, can bypass secure protection settings using browser hijacking, can capture keystrokes, perform man-in-the-middle attack to intercept network traffic and communicate with command and control server, the agency said.
Once the spam mail is received by a bank customer, the agency said, it 'entices' the user to download and extract the zip file which then begins its destructive and stealing action.
The Trojan is categorised as 'deadly' as it can acquire as many as ten aliases to evade anti-virus updates.
The said malware performs by injecting malicious code in the web browsers including Chrome, Firefox, Internet Explorer, so that when infected user visits any of the banking sites their credentials are stolen.
The command traffic, after the Trojan is activated in the user network, is first redirected to the malicious server and then to the legitimate banking site thereby copying and stealing proprietary data, the advisory said.
The CERT-In has suggested some counter-measures to safeguard against this Trojan.
"Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats such as vbs, bat, exe, pif and scr files, set Internet and local intranet security zone settings to high, lock out accounts after number of incorrect login attempts."
"Also, limit or eliminate the use of shared or group accounts, do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date," it said.