Bitcoin sites targeted using old vulnerability in Adobe (Dyreza Malware)

In its latest post it said that,

Dyreza

Dyreza is banking malware that spreads through spam emails. The emails sent to victims contain an Adobe PDF file with a juicy and interesting name. When the victim clicks on the PDF, it offloads its payload, aka Dyreza, which is then executed. Once executed, it exploits an old vulnerability in Adobe, CVE-2013-2729, and starts downloading the files required to steal the victim's banking credentials.

Bitcoin Targets spotted

Only in this case, the latest targets are Bitcoin-related sites. Bitcoins are a powerful enticement for cyber criminals, both in terms of returns and in terms of anonymity (though it is not that anonymous). TrendMicro notes that users and enterprises are at risk, since DYREZA can capture other types of data, such as personally identifiable information (PII) and credentials, via browser snapshots.

One of its payloads, the CUTWAIL botnet, leads to the download of both UPATRE and DYRE malware. The Dyre malware is notable for stealing vital information by injecting malicious code into certain banking and bitcoin login webpages. Dyre can also connect and transfer information to its handlers.

Some of the bitcoin pages it monitors are:

bitbargain.co.uk/*
bitbargain.co.uk/login*
bitpay.com/*
bitpay.com/merchant-login*
localbitcoins.com/*
localbitcoins.com/accounts/login*
www.bitstamp.net/*
www.bitstamp.net/account/login*

The top countries affected thus far by this latest attack are Ireland, United States, Canada, Great Britain, and Netherlands.
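On a host where Dyre has been found, the monitored-page list above can be used to triage browser history and decide which accounts need a credential reset. The following is an added example, not code from the original article or from TrendMicro; it assumes the `*` in each pattern is a shell-style wildcard, and the function names and sample history are constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Monitored page patterns exactly as listed in the article.
DYRE_PATTERNS = [
    "bitbargain.co.uk/*",
    "bitbargain.co.uk/login*",
    "bitpay.com/*",
    "bitpay.com/merchant-login*",
    "localbitcoins.com/*",
    "localbitcoins.com/accounts/login*",
    "www.bitstamp.net/*",
    "www.bitstamp.net/account/login*",
]

def normalise(url):
    """Reduce a history URL to 'host/path[?query]' for comparison with the patterns."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()   # host names are case-insensitive
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return host + path

def matched_patterns(url):
    """Return every listed pattern the URL falls under (assumed glob semantics)."""
    target = normalise(url)
    return [p for p in DYRE_PATTERNS if fnmatchcase(target, p)]

def accounts_to_rotate(history):
    """Map each exposed site to True if one of its login pages was visited."""
    exposed = {}
    for url in history:
        hits = matched_patterns(url)
        if not hits:
            continue
        site = hits[0].split("/", 1)[0]
        saw_login = any("login" in p for p in hits)
        exposed[site] = exposed.get(site, False) or saw_login
    return exposed

# Constructed sample history from a hypothetical infected host (not real data).
SAMPLE_HISTORY = [
    "https://WWW.Bitstamp.net/account/login/?next=/",
    "https://bitpay.com/pricing",
    "https://bitstamp.net/",                  # bare host: outside the www. pattern as listed
    "https://example.org/bitpay.com/login",   # pattern text only in the path: no match
]
```

Sites mapped to `True` had a login page opened on the infected host and should have their credentials reset first; sites mapped to `False` were visited without a listed login page.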

Solution

TrendMicro Labs states that the only solution against this attack is to update the related software and use prudence when opening any attachment.