­
Banking Trojans Dyre or Dridex Retooled for Data Mining - All Articles - CISO Platform

The evolution of malware is garnering attention from security researchers and law enforcement, as the off-the-shelf banking Trojans known as Dyre and Dridex have now been linked to the theft of massive amounts of corporate and personal data.

DRIDEX or DYRE had become one of the leading banking Trojans, targeting over 240 financial institutions. DRIDEX/DYRE malware is descended from the ZEUS Banking Trojan, developed by Evgeniy Mikhailovich Bogachev, founder of the ‘Business Club’ criminal hacker group. DRIDEX’s rapid development and success may be an indication that the ‘Business Club’ remains in operation, developing and using malware.

DRIXEX is a strain of banking malware that is known for using Microsoft Office macros to infect computers. DRIDEX is used to steal banking credentials and personal information so the attacker can access users’ financial resources such as records and bank accounts.

DRIDEX is descended from the ZEUS family of malware. The DYRE banking Trojan has been particularly active recently with new customers, features and exploits added. In 2015 Wapack Labs reported that DYRE was targeting 242 financial institutions

Eward Driehuis, a director at cybersecurity and threat-intelligence firm Fox-IT who was a featured presenter at Information Security Media Group's Fraud Summit Toronto this week, says cybercriminals are now using Dyre and Dridex to gather data that can help track patterns of human and corporate behavior, which might later be used to help attackers evade network intrusion detection.

"What they seem to be doing is stealing large amounts of data off of infected bots," Driehuis says during this interview with ISMG. "What they are doing with that data, we're not quite sure. But they're collecting terabytes and terabytes of data off of infected machines. And now we've seen them starting to query these big piles of stolen data."

Driehuis says these queries have been focused on gathering information about businesses' and users' interactions with computers that have been infected with the Dyre and Dridex strains. "They're harvesting more and more data about people, which is interesting, because they are building up their data for later use; that's how it seems right now."

Evading Detection

While Driehuis says researchers cannot definitively say what the purpose of this data collection is, he believes the data is being gathered to help cybercriminals figure out better ways to evade standard malware detection. By interacting with accounts and systems in ways that resemble real users, not bots, malware won't be detected by standard network intrusion systems, he explains.

"Malware today is evading typical malware detection," Driehuis says. "What the criminals have now done is devised a way of attacking banks by sending the sessions off to manual [human] operators. So the malware only catches the victim and passes credentials on to an operator. The operator then starts a completely legit session and conducts completely legit transactions. There's nothing strange about these transactons, there's nothing robotic to them and there are not any signs of malware in that session, because it's conducted on the criminal's computer, which is clean and operating perfectly."

References:

http://www.bankinfosecurity.com/malwares-stinging-little-secret-a-8477

http://www.bankinfosecurity.com/anti-malware-c-309

Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events