A new phishing campaign that collects user login credentials and infects users with the Dyre banking Trojan is targeting JP Morgan Chase customers around the world.
Phishing Page + Dyre Banking Trojan
Evidence of this latest campaign was first discovered by corporate security SaaS provider ProofPoint. According to a Thursday blog post and a followup report by Reuters, the attack leverages a fraudulent email modeled after legitimate JP Morgan Chase messages and containing a malicious link.
Users who click on the link are brought to a phishing website, which requests JP Morgan Chase banking credentials and initiates a download of the Dyre banking Trojan in one of two ways. If users enter credentials (and share them with cybercriminals) the site will suggest a fake Java update which serves the malware through an executable file. If users don’t enter credentials, the malware will still attempt to infect as an automated, drive-by download.
Those who are infected with Dyre receive a malware capable of stealing credentials from users who interact with banking sites from the likes of Bank of America Corp, Citigroup Inc and the Royal Bank of Scotland Group Plc.
How to Avoid this Threat
By the numbers, JP Morgan Chase is the the No. 1 US bank in terms of assets. As a result, this campaign will likely affect many people. To avoid this attack and others like it:
Always log into your online banking independently – NOT through email.
This simple practice alone can stop phishers dead in their tracks.
What Should I Do If I Clicked?
Anyone who might have accidentally click on this -or any – phishing link should contact their bank immediately. In addition, anyone who needs assistance is encouraged to contact Emsisoft Support. We provide free malware removal to all who need it, even if they aren’t an Emsisoft customer yet.
Those seeking automated online banking protection are also encouraged to consider the Emsisoft Internet Security pack.
Have a great (phish-free) day!
- Smash & Grab Campaign Targets JP Morgan Chase Customers, ProofPoint Threat Insight
- JPMorgan customers targeted in email phishing campaign, Reuters