Dyreza malware steals IT supply chain credentials

The Trojan targets websites of companies that provide order fulfillment, warehouse management, wholesale computer distribution and other services.

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.

New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post.

"We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."

Dyreza first appeared in June 2014 and was originally designed to steal online banking credentials by injecting its code into the local browser processes and monitoring login sessions. This attack technique is known as man-in-the-browser (MITB) and is commonly used by online banking trojans.

However, the attackers behind Dyreza have quickly developed an interest in more types of accounts. Over time, the trojan's target list was expanded to include job hunting, file hosting, domain registration, website hosting, tax services and online retail websites. In September 2014, Salesforce.com issued an alert to customers that Dyreza is targeting Salesforce credentials.

Last month, the Proofpoint researchers spotted over thirty new websites in the trojan's hit list. They belong to fulfillment and warehousing service providers; wholesale computer distributors and companies that offer inventory management, credit card processing, print distribution, print management, marketing, information management, storage and other IT services. Shopify, Apple and Iron Mountain are on the list.

"This latest evolution of Dyreza should dispel once and for all the myth that only financial institutions are targeted by credential-stealing MITB attacks from this malware strain."

The trojan is distributed through well-crafted email attacks that include documents with malicious macro scripts embedded in them.

In one example, attackers sent an email masquerading as a secure message from a bank. The attached Word document included the bank's logo and address, the date and what looked like an encrypted block of text. The page also has a "Secured by RSA" logo and the instruction to click on the "Enable Content" button in order to view the message.

Clicking on the "Enable Content" button does not decrypt the text. Instead, it executes the embedded macro script which downloads and installs Dyreza.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?