TrickBot Banking Malware Similar to Old Dyre Trojan

Malware, might based on one of world's most terrible banking Trojans, is at this moment targeting the Australians users. Jason Reaves, malware mangler of Fidelis, says that the TrickBot malware has many codes similar to Dyre Trojan, which is a threat ripped through the Western banks as well as businesses in UK, US, and Australia, causing damages of tens of millions of dollars through many phishing campaigns and spam from June 2014 onwards.

Theregister.co.uk posted on October 18th, 2016, stating that Dyre stole around US$ 5.5 million from the budget carrier Ryanair; and cheated individual businesses around $1.5 million each in the substantial wire transfers by using stolen credentials of online banking.

Fidelis Cybersecurity says that there are sufficient indications as well as similarities between TrickBot and the Dyre for concluding that the team which has designed former is at present working on latter. Jason Reaves, Threat Researcher of Fidelis, says: "from first glance at the loader, called TrickLoader, there are some striking similarities between it and the loader that Dyre commonly used. It isn't until you decode out the bot, that the similarities become staggering."

TrickBot and Dyre use several similar malware componentry, which is called "staggering" similarity by Reaves. The little changes between 2 malware apps code seems to be just upgrades, and not core code.

The researcher indicates similarities that include custom encryptors and loaders, together with close although not the identical hashing, and what looks to be upgraded command as well as control encryption mechanism. They with reasonable confidence assess that one Dyre's original developer or in excess of that were involved with the TrickBot.

TrickBot is not the reincarnation of Dyre; as new trojan got some upgrades over the predecessor. Dyre was coded in C, whereas TrickBot got written in C++. Besides, the new virus for spreading itself also infected the task scheduler of a system, whereas Dyre attacks the system through direct commands. As per Fidelis, the Australian banks are also attacked by face-lifted virus with the help of webinject technique, which is again a departure from Dyre, famous for the URL redirection.

Reaves says that the developers of TrickBot are again rebuilding the Cutwail botnet to get ready for the future spam runs where malware will get spread. It will be exciting to see that whether TrickBot may reach or get pass its predecessor.

» SPAMfighter News - 10/21/2016