Job seekers beware. A login-credential-stealing Trojan is trying to steal your email address and password when you access CareerBuilder.com.
We recently reported on the evolution of Dyre as observed by ThreatTrack Security Labs. The latest developments to this data-stealing Trojan, also known as Dyreza, is an expanded list of targeted sites, including the addition of several more financial institutions and CareerBuilder.com, a leading job search site.
Users with infected PCs logging on to CareerBuilder.com are at risk of having their email addresses and associated passwords stolen. Cybercriminals deploying Dyre can potentially use this information to either access users’ accounts to collect additional personal information or use email addresses and associated passwords in attempts to break into other online accounts – assuming that many users continue to re-use the same password for multiple accounts and online services. Moreover, the personal information available through a resume (address, phone numbers, previous employment, etc.) can be packaged and leveraged for convincing phishing schemes.
The latest list of sites targeted by Dyre is available here.
Click here for a dynamic malware analysis of a recent Dyre sample.
Defend Yourself Against Dyre
Ensure your antivirus is up-to-date to protect yourself from malicious threats. VIPRE detects Dyre as Win32!MalwareDrop.
Make sure you know how Dyre is being distributed, most commonly by malicious spam as reported here. Consumers should always be cautious about what they click in email, and if there is any doubt about a warning, special offer or request for private information, contact the bank, retailer or service provider directly by phone to confirm.
Credit: Matthew Mesa, Malware Researcher, ThreatTrack Security Labs
The post Dyre Recruiting CareerBuilder.com Users appeared first on ThreatTrack Security Labs Blog.