
Dyranges

Posted: March 6, 2015

Dyranges is a banking Trojan: a Trojan designed to intercept your bank account information. Although the list of banking sites targeted by Dyranges is smaller than that of 'publicly-available' threats like Mebroot, Dyranges is just as capable of causing long-term financial problems for its victims. As with all high-level threats, removing Dyranges should include using suitable anti-malware strategies and software, particularly since malware experts have seen Dyranges using randomized and inappropriate file names.

A Browser Infiltrator with Eyes on Your Money

Dyranges, sometimes identified by the aliases Dyzap and Dyre, is a banking Trojan previously seen in 2014, with its campaigns extending into the new year. Dyranges is sometimes installed through spam messages sent by another Trojan, Cutwail. Typical installers for Dyranges Trojans are disguised links to files in cloud storage services, such as Dropbox. In some cases, other threats, such as Upatre Trojan downloaders, are also involved.

Like some other banking Trojans that malware researchers have noted, Dyranges is modular in build, meaning that its capabilities may change with the addition or removal of self-contained modules. Previously, this structure has been used to upgrade Dyranges's communication infrastructure by providing encryption to newer releases of the threat. Nonetheless, Dyranges's dominant feature is its ability to intercept your bank account data through your Web browser, which Dyranges implements with separate function-hooking attacks for Chrome, Firefox and IE.

Throughout its lifespan, Dyranges has targeted between two and three hundred individual banking institutions for the purpose of hijacking their customer accounts. After victims unintentionally install Dyranges, it collects their passwords and other login data as they enter them into the appropriate website forms.

Unveiling the Trojan Thief Hiding Beneath Google

Some of the means Dyranges uses to protect itself from deletion, such as random file names and inappropriate file locations, are relatively generic. However, most versions of Dyranges also conceal themselves with fake Google Update services. Since Dyranges's browser-hooking function collects information without showing any notable symptoms, visual identification of Dyranges is unlikely in most cases. Proactive anti-malware scans should be able to identify suspicious behavior and software changes related to Dyranges, and you should entrust the same anti-malware tools with removing Dyranges.
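For defenders reviewing a service inventory by hand, the following is an added example (not code from this page or from any anti-malware product) that flags services posing as Google Update while running a binary from an unexpected location or under an unexpected name. The expected install directories and executable name are assumptions about the genuine updater's defaults, and the service records are constructed samples.

```python
import ntpath
import re

# Assumption: default per-machine install directories of the genuine updater.
EXPECTED_DIRS = (r"c:\program files (x86)\google\update",
                 r"c:\program files\google\update")
EXPECTED_EXE = "googleupdate.exe"
LOOKALIKE = re.compile(r"google\s*update|^gupdate", re.IGNORECASE)

# Constructed sample inventory (name, display name, PathName), not real data.
SERVICES = [
    {"name": "gupdate", "display_name": "Google Update Service (gupdate)",
     "path_name": r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc'},
    {"name": "googleupdate", "display_name": "Google Update Service",
     "path_name": r"C:\Windows\qkzvbnpw.exe -k"},
    {"name": "gupdatem", "display_name": "Google Update Service (gupdatem)",
     "path_name": r'"C:\Program Files (x86)\Google\Update\..\..\Temp\GoogleUpdate.exe"'},
    {"name": "Spooler", "display_name": "Print Spooler",
     "path_name": r"C:\Windows\System32\spoolsv.exe"},
]


def image_path(path_name):
    """Extract the normalised executable path from a service PathName."""
    path_name = path_name.strip()
    if path_name.startswith('"'):              # quoted path, arguments follow
        exe = path_name[1:].split('"', 1)[0]
    else:                                      # unquoted: cut after first .exe
        m = re.match(r"(.+?\.exe)\b", path_name, re.IGNORECASE)
        exe = m.group(1) if m else path_name
    return ntpath.normcase(ntpath.normpath(exe))  # lower-case, collapse ".."


def triage(service):
    """Return reasons a Google Update look-alike service deserves review."""
    if not (LOOKALIKE.search(service["name"])
            or LOOKALIKE.search(service["display_name"])):
        return []                              # not posing as Google Update
    exe, reasons = image_path(service["path_name"]), []
    if ntpath.dirname(exe) not in EXPECTED_DIRS:
        reasons.append("binary outside expected install directory")
    if ntpath.basename(exe) != EXPECTED_EXE:
        reasons.append("unexpected executable name")
    return reasons


def review(services):
    """Map service name -> reasons, for flagged services only."""
    return {s["name"]: r for s in services if (r := triage(s))}
```

A flagged entry is a lead for further checks such as verifying the binary's digital signature, not proof of infection.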

Malware experts warn that Chrome, Internet Explorer and Firefox are all vulnerable to attacks from Dyranges, which implements specific attacks for each of these browsers. Others, such as Opera and Safari, have yet to be included in Dyranges campaigns, although other banking Trojans have shown capacities for targeting them. Because of the flexibility that its modules give Dyranges, you should be particularly attentive to any database updates that could let your anti-malware tools identify Dyranges with greater accuracy than before. Some of Dyranges's self-defenses also vary between versions, which may increase or decrease the difficulty of disinfecting your computer.
