New online banking Trojan TrickBot is believed to be a reimplementation of Dyre Credit: IDGNS Cybercriminals have unleashed a new banking Trojan program on the internet and it bears striking similarities to Dyre, a malware threat believed to have been dead for almost a year. The new Trojan is called TrickBot and first appeared in September, targeting users of banks in Australia. After a closer analysis, researchers from Fidelis Cybersecurity believe that it is a rewrite of the Dyre Trojan that plagued online banking users for over a year until the gang behind it was dismantled by Russian authorities. While TrickBot is still a work in progress and doesn’t have all of Dyre’s features, there are enough similarities in their components to suggest that at the very least one served as inspiration for the other. At the same time, there are also significant differences in how some functions have been implemented in the new Trojan, which also has more C++ code than its predecessor. This leads the Fidelis researchers to conclude that TrickBot is a reimplementation of Dyre rather than a continuation of the older project. “It is our assessment with strong confidence that there is a clear link between Dyre and TrickBot but that there is considerable new development that has been invested into TrickBot,” the researchers said in a blog post. “With moderate confidence, we assess that one or more of the original developers of Dyre are involved with TrickBot.” Dyre, which stole tens of millions of dollars from customers of over 1,000 banks, financial institutions and other organizations worldwide, disappeared almost overnight in November last year. It wasn’t until February that Russian authorities confirmed that a few months earlier it raided a Moscow-based film production and distribution company that people in the cybersecurity industry believed was behind the distribution of Dyre. Since there aren’t a lot of details available about the extent of this law enforcement action, it’s very possible that some developers who previously worked on Dyre remained free and teamed up with another group, possibly leading to the creation of TrickBot. It remains to be seen if this new Trojan will reach or even surpass the previous size of the Dyre operation. According to the Fidelis researchers, the TrickBot gang is also trying to rebuild the Cutwail spam botnet which was previously used to distribute Dyre. Online banking Trojans are designed to inject malicious code into financial websites when displayed locally in browsers on infected computers. The rogue code can hijack transactions in the background or ask users for sensitive information, like payment card details which can then be used for fraud. Users should run an up-to-date antivirus program and if able, should perform online banking transactions from a separate dedicated computer, an OS running from a live CD or from a virtual machine. Related content opinion Can your cloud backup provider fail? Cloud backup providers aren’t infallible. Be sure to ask hard questions of providers about their storage redundancy, geo-replication, data integrity measures, and disaster recovery capabilities. By Curtis Preston Apr 19, 2024 7 mins Backup and Recovery Cloud Computing Data Center news Cisco marries AI and security with cloud-based data center offering Cisco announces AI-based Hypershield, a self-upgrading security fabric that's designed to protect distributed applications, devices and data. By Michael Cooney Apr 18, 2024 5 mins Network Security Data Center how-to Shredding files on Linux with the shred command The shred command is a good option for removing files from a Linux system in a way that makes them virtually impossible to recover. By Sandra Henry-Stocker Apr 18, 2024 4 mins Linux news Intel announces edge AI processors New edge-optimized processors and FPGAs will power AI-enabled devices in vertical industries including retail, industrial and healthcare. By Andy Patrizio Apr 18, 2024 3 mins CPUs and Processors Edge Computing PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe