TechWalls
Dyre Trojan also steals client certificates and browser cookies

Updated on Sep 21, 2014 by Guest Authors

As if the recent theft of Salesforce.com credentials were not enough, the Dyre Trojan is on another spree against financial institutions and large companies, this time stealing client certificates and browser cookies. The risk is that both items authenticate a user without a password: an attacker who holds a victim's session cookie, or a client certificate together with its private key, can log in to the victim's online accounts as if they were the legitimate owner.

Adallom, a security software firm, identified this strain of the Dyre banking Trojan, the same family behind the recent theft of Salesforce credentials. After analysing Dyre's behaviour, Adallom's researchers concluded that the Trojan carries a configuration targeting the log-in forms of large banks and corporations.

[Image: dyre-trojan]

A few days ago, Salesforce.com warned its customers that their accounts were at risk of a breach. The infection method is familiar, yet still hard for many users to recognise: spam and phishing emails carrying links that infect the computer once clicked. Once installed, Dyre's simplest way of collecting data is a generic module that copies every POST request the browser sends and forwards it to the command and control server. This method injects no code into the page, but it still hands the attacker large volumes of form data, including the credentials submitted through log-in forms.

For URLs on its target list, the Trojan instead redirects the browser's traffic through an attacker-controlled server in a man-in-the-middle position, where the attacker can inject code into the victim's session. A separate "browsersnapshot" feature steals cookies, client certificates and their private keys from the Windows certificate store and from Firefox's certificate database. What makes the attack dangerous is that it takes place inside the victim's browser and on the attacker's proxy rather than on the wire, so SSL offers no protection: the browser shows an ordinary encrypted connection, and the victim has no way to tell that anything is wrong.
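A stolen cookie is valuable because the bank's server cannot, by itself, tell a replayed session from the original one. Below is an added example of the server-side check that catches such a replay; it is not code from the article or from Adallom's analysis. It assumes a hypothetical access-log format (timestamp, client IP, session id, user agent, method, path) and uses constructed sample lines in which one session is used from a second address while the real user is still active.

```python
"""Flag replay of a stolen session cookie from a second client.

Added example (not from the article or from Adallom's analysis). The log
format and the sample lines below are constructed for illustration.
"""
import re
from collections import namedtuple
from datetime import datetime

# Hypothetical web-server access-log format: timestamp, client IP, session id,
# user agent, HTTP method, path. Constructed sample: session a1b2c3d4 is
# established from 203.0.113.7, then used from 198.51.100.23 (the replayed
# cookie, with the user agent copied from the browser snapshot), then again
# from the original client. Session e5f6a7b8 is a normal single-client session.
SAMPLE_LOG = """\
2014-09-19T10:00:01Z 203.0.113.7 sid=a1b2c3d4 ua="Mozilla/5.0 (Windows NT 6.1) Firefox/32.0" POST /login
2014-09-19T10:00:09Z 203.0.113.7 sid=a1b2c3d4 ua="Mozilla/5.0 (Windows NT 6.1) Firefox/32.0" GET /account
2014-09-19T10:14:30Z 198.51.100.23 sid=a1b2c3d4 ua="Mozilla/5.0 (Windows NT 6.1) Firefox/32.0" GET /account
2014-09-19T10:14:35Z 198.51.100.23 sid=a1b2c3d4 ua="Mozilla/5.0 (Windows NT 6.1) Firefox/32.0" POST /transfer
2014-09-19T10:20:00Z 203.0.113.7 sid=a1b2c3d4 ua="Mozilla/5.0 (Windows NT 6.1) Firefox/32.0" GET /account
2014-09-19T11:00:00Z 192.0.2.55 sid=e5f6a7b8 ua="Mozilla/5.0 (Windows NT 6.1; Trident/7.0)" POST /login
2014-09-19T11:00:04Z 192.0.2.55 sid=e5f6a7b8 ua="Mozilla/5.0 (Windows NT 6.1; Trident/7.0)" GET /account
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) ua="(?P<ua>[^"]*)" '
    r'(?P<method>[A-Z]+) (?P<path>\S+)$'
)

Request = namedtuple("Request", "ts ip sid ua method path")
Alert = namedtuple("Alert", "sid ip ts severity method path")

# Methods that change state; a replayed cookie used for these is the worst case.
STATE_CHANGING = {"POST", "PUT", "DELETE"}


def parse_log(text):
    """Parse access-log lines into Request tuples, skipping malformed lines."""
    requests = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = m.groupdict()
        fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
        requests.append(Request(**fields))
    return requests


def find_hijacks(requests):
    """Bind each session id to the client that created it and flag other users.

    The user agent is part of the binding but cannot be relied upon: an
    attacker who took a browser snapshot can copy it, so the IP address is
    what actually differs. The strongest signal is interleaving: the original
    client is still active after a foreign client used the same session,
    which a user who merely changed networks would not produce.
    """
    bound = {}    # sid -> (ip, ua) of the client that established the session
    foreign = {}  # sid -> set of other (ip, ua) pairs seen using it
    alerts = []
    for r in sorted(requests, key=lambda req: req.ts):
        client = (r.ip, r.ua)
        if r.sid not in bound:
            bound[r.sid] = client
            foreign[r.sid] = set()
            continue
        if client == bound[r.sid]:
            if foreign[r.sid]:
                # Legitimate owner active again after a foreign client: two
                # clients are sharing one session (the alert's ip is the owner's).
                alerts.append(Alert(r.sid, r.ip, r.ts, "concurrent", r.method, r.path))
            continue
        foreign[r.sid].add(client)
        severity = "high" if r.method in STATE_CHANGING else "medium"
        alerts.append(Alert(r.sid, r.ip, r.ts, severity, r.method, r.path))
    return alerts


if __name__ == "__main__":
    for a in find_hijacks(parse_log(SAMPLE_LOG)):
        print(f"{a.ts:%H:%M:%S} sid={a.sid} {a.severity:<10} {a.method} {a.path} from {a.ip}")
```

On the constructed sample this yields three alerts, all for session a1b2c3d4: a medium alert for the first request from 198.51.100.23, a high alert for the POST to /transfer from the same address, and a "concurrent" alert when the original client reappears. The practical response to a high or concurrent alert is to invalidate the session server-side and require re-authentication with a second factor rather than a password, since the password may have been captured by the same Trojan. The same binding logic applies to log-ins made with a client certificate, which the Trojan also steals.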

It is odd that the malware bothers with this functionality, since banks rarely use client certificates for customer log-ins. The recent targeting of Salesforce.com suggests the site was meant as an attack vector in itself, though it is hard to know what the attackers hoped to take from Salesforce accounts and sell on the black market.

Email and the other services hosted on the site are of no obvious interest to them. Notably, Salesforce did not appear in the Trojan's injection target list, the configuration that names the log-in pages it modifies; those targets include large banks in the UK. The Salesforce targeting code was instead found on the proxy server that the attackers use to man-in-the-middle selected websites, chosen according to criteria that remain unknown.
