Malware researchers have spotted a new active malware campaign that combines social engineering and malware. So far, the cyber crooks behind it have stolen $1 million.
IBM Security researchers reveal that the Dyre Wolf Malware Campaign’s main targets are businesses using wire transfers to move significant sums of money. The malware is able to bypass even two-factor authentication.
The Dyre Wolf Malware Campaign – Step By Step
The Mass E-mails
It all starts with mass emails that try to trick users into installing a piece of malware first detected last year – Dyre. According to the researchers, the malware strains they observed were not detected by most AV solutions.
The infected computers then start sending emails to everyone in the victim’s address book.
The Fake Page
IBM Security Intelligence researchers Lance Mueller and John Kuhn explain that as soon as the victim attempts to log in to a bank website monitored by the Dyre malware (and the list contains hundreds of bank web pages), the infection displays a new screen in place of the bank’s website. The page contains a message informing the user about alleged technical issues and provides a support number. The user is supposed to call the team that will help him log in.
The Support Number
The cyber crooks went so far as to display the same support number on every fake page, yet they knew when each victim would call and which bank’s support team to impersonate. This makes the whole scheme appear more credible to unsuspecting users, who then hand over their banking credentials.
Once the victim hangs up, the wire transfer is completed, and the money is moved from one bank to another without raising any suspicion. Reportedly, one of the victim organizations of the Dyre Wolf Malware Campaign also suffered a DDoS attack. Experts believe this was meant as a distraction from the scheme.