- Apr 25, 2013
- 5,355
- Content source
- http://www.net-security.org/malware_news.php?id=2861
Late last Friday, global cloud-based CRM provider Salesforce has sent out a warning to its account administrators about its customers being targeted by the Dyreza malware.
"On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users," the alert said. "We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation. If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."
Dyreza is a whole new banking trojan family, which was first spotted earlier this year targeting customers of US and UK banks.
"The code is designed to work similar to ZeuS and as most online banking threats it supports browser hooking for Internet Explorer, Chrome and Firefox and harvests data at any point an infected user connects to the targets specified in the malware," CSIS researcher Peter Kruse shared at the time.
The malware effectively performs a Man-in-the-Middle attack and, in this case, intercepts the information submitted by users - username, password, and even their two-factor authentication token - by redirecting them to a spoofed Salesforce login page.
The company does not mention how the malware infects the targets' computer, but if past approaches are any indication, users are targeted with phishing emails carrying or linking to the malware, which masquerades as a legitimate application.
Salesforce has instructed account administrators to check with their IT security team it the AV solution they use is capable of detecting the Dyre malware, and to contact them if they believe they have already been infected.
"On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users," the alert said. "We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation. If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."
Dyreza is a whole new banking trojan family, which was first spotted earlier this year targeting customers of US and UK banks.
"The code is designed to work similar to ZeuS and as most online banking threats it supports browser hooking for Internet Explorer, Chrome and Firefox and harvests data at any point an infected user connects to the targets specified in the malware," CSIS researcher Peter Kruse shared at the time.
The malware effectively performs a Man-in-the-Middle attack and, in this case, intercepts the information submitted by users - username, password, and even their two-factor authentication token - by redirecting them to a spoofed Salesforce login page.
The company does not mention how the malware infects the targets' computer, but if past approaches are any indication, users are targeted with phishing emails carrying or linking to the malware, which masquerades as a legitimate application.
Salesforce has instructed account administrators to check with their IT security team it the AV solution they use is capable of detecting the Dyre malware, and to contact them if they believe they have already been infected.
