New online banking Trojan TrickBot is believed to be a reimplementation of Dyre Credit: IDGNS Cybercriminals have unleashed a new banking Trojan program on the internet and it bears striking similarities to Dyre, a malware threat believed to have been dead for almost a year. The new Trojan is called TrickBot and first appeared in September, targeting users of banks in Australia. After a closer analysis, researchers from Fidelis Cybersecurity believe that it is a rewrite of the Dyre Trojan that plagued online banking users for over a year until the gang behind it was dismantled by Russian authorities. While TrickBot is still a work in progress and doesn’t have all of Dyre’s features, there are enough similarities in their components to suggest that at the very least one served as inspiration for the other. At the same time, there are also significant differences in how some functions have been implemented in the new Trojan, which also has more C++ code than its predecessor. This leads the Fidelis researchers to conclude that TrickBot is a reimplementation of Dyre rather than a continuation of the older project. “It is our assessment with strong confidence that there is a clear link between Dyre and TrickBot but that there is considerable new development that has been invested into TrickBot,” the researchers said in a blog post. “With moderate confidence, we assess that one or more of the original developers of Dyre are involved with TrickBot.” Dyre, which stole tens of millions of dollars from customers of over 1,000 banks, financial institutions and other organizations worldwide, disappeared almost overnight in November last year. It wasn’t until February that Russian authorities confirmed that a few months earlier it raided a Moscow-based film production and distribution company that people in the cybersecurity industry believed was behind the distribution of Dyre. Since there aren’t a lot of details available about the extent of this law enforcement action, it’s very possible that some developers who previously worked on Dyre remained free and teamed up with another group, possibly leading to the creation of TrickBot. It remains to be seen if this new Trojan will reach or even surpass the previous size of the Dyre operation. According to the Fidelis researchers, the TrickBot gang is also trying to rebuild the Cutwail spam botnet which was previously used to distribute Dyre. Online banking Trojans are designed to inject malicious code into financial websites when displayed locally in browsers on infected computers. The rogue code can hijack transactions in the background or ask users for sensitive information, like payment card details which can then be used for fraud. Users should run an up-to-date antivirus program and if able, should perform online banking transactions from a separate dedicated computer, an OS running from a live CD or from a virtual machine. Related content analysis Network teams are ready to switch tool vendors IT orgs feel less locked into their network management tools, particularly as they look to apply AI/ML to tasks such as intelligent alerting, change management, and capacity management. By Shamus McGillicuddy May 20, 2024 4 mins Network Management Software Network Security analysis BGP: What is border gateway protocol, and how does it work? BGP is how the autonomous networks that make up the internet share routing information to find the best route for IP traffic. CISA describes BGP as 'the most important part of the internet you’ve probably never heard of.' By Keith Shaw May 17, 2024 11 mins Routers Internet Network Security feature Red Hat seeks to be the platform for enterprise AI By Maria Korolov May 17, 2024 12 mins Linux Network Management Software news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 4 mins Regulation Network Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe