Dyreza attacks on Bitcoin sites using old Adobe vulnerability

Bitcoin websites targeted by Dyreza malware using an old Adobe vulnerability.

An old Adobe vulnerability is being used by hackers to launch attacks against Bitcoin websites. The attackers are using the old vulnerability in Adobe products to inject Dyreza malware into the Bitcoin websites.

Trend Micro Labs writes in a blog post: “We recently spotted DYREZA malware leveraging an old vulnerability found existing in Adobe Reader and Acrobat and covered under CVE-2013-2729. Accordingly, once this vulnerability is successfully exploited it could lead to the execution of arbitrary code on the affected system.”

What is Dyreza?

Dyreza is banking malware, known for stealing banking credentials, that is spread through spam emails. The spam emails sent to victims contain a malicious Adobe PDF file with an interesting name. Whenever the victim clicks on the malicious PDF file, it offloads its payload (Dyreza), which is then executed, exploits an old flaw in Adobe, CVE-2013-2729, and starts downloading the malicious files required to steal the victim's banking credentials.

DYREZA malware uses spam emails that purport to be invoice notifications but are actually the infection vector. They contain a malicious Adobe PDF attachment, detected by Trend Micro Labs as TROJ_PIDIEF.YYJU. When it is executed, it exploits the Adobe vulnerability CVE-2013-2729, which downloads TSPY_DYRE.EKW, a variant of DYREZA, also known as DYRE and DYRANGES.

Bitcoin Targets spotted

Trend Micro reports that users and enterprises are at risk since DYREZA can get other types of data, such as personally identifiable information (PII) and credentials, via browser snapshots. One of its payloads, the CUTWAIL botnet, leads to the download of both UPATRE and DYRE malware.

TSPY_DYRE.EKW is notable because of its ability to steal important information by injecting malicious code into certain banking and bitcoin login pages. Some of the bitcoin webpages that it monitors are:

bitbargain.co.uk/*

bitbargain.co.uk/login*

localbitcoins.com/*

localbitcoins.com/accounts/login*

www.bitstamp.net/*

www.bitstamp.net/account/login*

bitpay.com/*

bitpay.com/merchant-login*
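
For incident response, the list above can be used to work out which credentials to reset on a machine where Dyreza was found. The following is an added example, not code from this article or from Trend Micro: it matches proxy log URLs against the listed patterns, assuming `*` matches any run of characters; the log format, host names and sample lines are constructed.

```python
import fnmatch
from urllib.parse import urlsplit

# Monitored-page patterns exactly as listed in the article.
MONITORED_PATTERNS = [
    "bitbargain.co.uk/*", "bitbargain.co.uk/login*",
    "localbitcoins.com/*", "localbitcoins.com/accounts/login*",
    "www.bitstamp.net/*", "www.bitstamp.net/account/login*",
    "bitpay.com/*", "bitpay.com/merchant-login*",
]

# Constructed proxy log lines: "<ISO timestamp> <client host> <URL>"
SAMPLE_LOG = """\
2014-01-01T09:12:03 ws-017 https://www.bitstamp.net:443/account/login/?next=/
2014-01-01T09:15:40 ws-017 https://example.org/news
2014-01-01T10:02:11 ws-022 http://localbitcoins.com.evil.example/accounts/login
2014-01-01T10:05:57 ws-022 https://BitPay.com/merchant-login
"""

def normalize(url):
    """Reduce a URL to 'host/path': lower-case host, no scheme, port or query."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    return host + (parts.path or "/")

def matched_patterns(url):
    """Return every monitored pattern that the URL falls under."""
    target = normalize(url)
    # The pattern is anchored at the host, so a look-alike host such as
    # 'localbitcoins.com.evil.example' does not match 'localbitcoins.com/*'.
    return [p for p in MONITORED_PATTERNS if fnmatch.fnmatchcase(target, p)]

def exposure_report(log_text, infected_hosts):
    """Map each infected client to the monitored login pages it visited."""
    report = {}
    for line in log_text.splitlines():
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue  # skip malformed lines
        _, client, url = fields
        if client not in infected_hosts:
            continue
        logins = [p for p in matched_patterns(url) if "login" in p]
        if logins:
            report.setdefault(client, set()).update(logins)
    return report

if __name__ == "__main__":
    for host, pages in exposure_report(SAMPLE_LOG, {"ws-017", "ws-022"}).items():
        print(host, sorted(pages))
```

Accounts on every login page reported for an infected host should be treated as exposed and have their credentials reset from a clean machine.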

Countries Affected by Dyreza?

The top countries affected by this latest Dyreza malware attack are Ireland, the United States, Canada, Great Britain, and the Netherlands.
