Cybercriminals expand their activity across the globe

Jun 2, 2015 14:08 GMT

In the first quarter of 2015, the number of infections caused by the Dyre banking malware increased by 125%, the users targeted being located mostly in Europe and North America.

Information from security company Trend Micro about the rise in Dyre infections reveals 9,000 compromises in the first quarter of the year, compared to 4,000 recorded in the last quarter of 2014.

Crooks take aim at users in APAC countries, too

The group behind the malware has started to expand its activity to more regions of the globe and has deployed a new malicious email campaign carrying a new variant of the threat, delivered by a fresh strain of the Upatre downloader.

In the first week of May, security researchers observed a rise in the spam volume directed to individuals in Asia Pacific countries, 44% of the emails being sent to this region.

During the same interval, 39% of the emails targeted users in Europe and 17% users in North America. However, telemetry data from the company shows that over the last three months Europe and North America were the main focus of the cybercriminals, the two regions receiving 39.48% and 37.84% of Dyre-related spam, respectively.

Trend Micro warns in a blog post published on Tuesday that “since cybercriminals are already making the move to expand globally, they can potentially spew out more regionalized messages for their next spam runs.”

New Upatre variant spotted

Dyre is distributed via spam email purporting to be some sort of financial communication the recipient has to address immediately; the researchers observed that JPMorgan Chase customers are the intended victims.

The message comes with a malicious file attached. The fake document delivers Upatre, which, in turn, delivers the Dyre banking Trojan.

According to the researchers, the latest variant of the Upatre downloader has gained new capabilities that allow it to evade detection by firewalls or other network-related security products on the system. This is achieved by changing registry entries, terminating services and disabling Windows Defender, the default antivirus on Windows.
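The tampering described above (policy registry changes, stopped services, Windows Defender switched off) leaves traces an administrator can check for. The following triage script is an added example, not code from the article or from Trend Micro; it assumes the Defender PowerShell module (Windows 8.1 / Server 2012 R2 or later) and read access to the System event log.

```powershell
# Added example: report indicators that Windows Defender has been disabled
# and list recent service stop / start-type changes logged by the
# Service Control Manager. Assumes the Defender module and rights to read
# the System event log (assumption, not from the article).

$findings = @()

# 1. Group-policy value that turns Defender off entirely.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$disable = (Get-ItemProperty -Path $policyKey -Name 'DisableAntiSpyware' `
            -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($disable -eq 1) {
    $findings += "DisableAntiSpyware=1 under $policyKey (Defender disabled by policy)"
}

# 2. Live status as reported by Defender itself.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status) {
    if (-not $status.AntivirusEnabled)          { $findings += 'AntivirusEnabled is False' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'RealTimeProtectionEnabled is False' }
} else {
    $findings += 'Get-MpComputerStatus returned nothing (module missing or service unavailable)'
}

# 3. The Defender service (WinDefend) should exist and be running.
$svc = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue
if (-not $svc)                      { $findings += 'WinDefend service not found' }
elseif ($svc.Status -ne 'Running')  { $findings += "WinDefend service is $($svc.Status)" }

# 4. Services stopped (event 7036, 'entered the stopped state') or whose
#    start type was changed (event 7040) in the last 24 hours.
$since  = (Get-Date).AddHours(-24)
$filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager';
             Id = 7036, 7040; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
foreach ($e in $events) {
    if ($e.Id -eq 7040 -or $e.Message -match 'stopped state') {
        $findings += "[$($e.TimeCreated)] $($e.Message.Trim())"
    }
}

if ($findings.Count -eq 0) { 'No Defender tampering indicators found.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Event 7040 fires for legitimate start-type changes as well, so review those lines against recent administrative activity rather than treating each one as malicious.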

Images: "Dyre infections recorded in Q1 2015 by Trend Micro" and "Sample email delivering Upatre".