A nasty, credential-stealing malware known as Dyreza (or Dyre for short) has been updated to target Windows 10 and the Edge browser. This malware is also sold as a “cybercrime-for-hire” service and has been found to target Salesforce users and banking customers. Recently, it was discovered to have been adapted to steal credentials from several supply-chain businesses.
Dyre will latch onto browser processes and use the elevated privileges to monitor for connections to specific domains, and collect credentials as you type them in. This kind of attack is commonly known as “man in the browser.”
So how do you know if you are infected? According to Microsoft, if you are prompted by your firewall to allow higher access privileges to programs such as explorer.exe and svchost.exe, you have been infected. Microsoft also says if you find the following files in Windows, you are infected by this vicious trojan:
- %APPDATA%\local\[random alpha numeric characters].exe
- %APPDATA%\local\[random alpha numeric characters].exe
One way to stay secure is to install security updates for Windows 10 and Microsoft Edge via Windows Update as they become available. Keep in mind that Dyre also targets Chrome, Firefox, and Internet Explorer, regardless of what version of Windows you are using. We’ll have more on this as it develops.
