Dyre Banking Trojan Jumps Out of Sandbox

May 1, 2015

A number of unidentified commercial and freely available sandboxes fail to detect a new version of the Dyre banking Trojan, which was recently blamed for more than $1 million in losses to financial institutions and enterprises.

The new strain of Dyre, also known as Dyreza, uses a fairly new technique to avoid detection that is one of many established ways to elude sandbox protections already in place.

“There are many other ways to do that, some are publicly known and some are not, therefore it will be very challenging for the vendors to address this specific evasion technique,” said Aviv Raff, CTO of Seculert, which yesterday published a report on the Dyre update. “This is why Sandbox alone should not be used for detection of such threats.”