The Dyre malware campaign returned with nasty new features in the first three months of 2015 causing a spike in infections, Trend Micro has reported.
The company said that infections of the malware on computers rose 125 percent to around 9,000 in in the period from January to March.
Some 39 percent of the infections were in Europe, although North America was only just behind on 38 percent. Infections in Asia-Pacific were lower at 19 percent.
French web users were most at risk. Around 34 percent of all infections in the region were in the country, followed by Germany on 14.5 percent and Spain on nine percent. The UK was fourth with just under nine percent.
Trend Micro said that the malware variant is delivered through spam emails that use scare tactics about taxes, usually relating to VAT, to trick people into opening an attachment that contains the malware.
The new variant, labelled TSPY_DYRE.IK, is particularly nasty as it contains several new functions that allow it to bypass detection, including the ability to disable firewalls and network-related security tools.
Once installed it can carry out a variety of functions, such as man-in-the-middle attacks via browser injections, taking browser screenshots, and stealing personal security certificates and online banking credentials.
Trend Micro also said that the malware switches off Windows’ default anti-malware feature in a bid to make Dyre downloads easier, an example of just how cunning cyber criminals are becoming, according to Bharat Mistry, cyber security consultant at Trend Micro.
“As more users turn to internet banking, cyber criminals are focusing their attention on easy targets for the bigger payout,” he said.
“The quality of the applications and security controls on mobile platforms are still maturing and cyber criminals are seeing these as ‘easy pickings’.
“The criminals carrying out this latest string of attacks are using numerous sophisticated techniques. The resulting banking credentials theft is the focus and is ultimately what is used to illicitly transfer money from victims’ accounts.”
Trend Micro urged internet users to remain on their guard against emails relating to tax and other banking issues and to be wary of clicking on any attachments.
Dyre first hit the headlines last year when Salesforce warned customers that they were being targeted by the malware.
Users are told that their non-existent 'iPhoneID' is expiring soon
Expansion of SDK intended to expand Amazon Alexa ecosystem
Locky returns from a prolonged rest with two new variants
AMD lambasted over Radeon RX Vega pricing that will add an extra £100 to RX Vega 56 and 64 graphics cards
Company accused of failing to tell anyone that the launch prices were only introductory offers