Trojan uses a technique known as browser hooking to intercept traffic flowing between the victim s machine and the target Web site. The malware arrives in users inboxes through spam messages, many of which will look like messages from a financial institution. The list of targeted banks includes Bank of America, Natwest, Citibank, RBS and Ulsterbank. Researchers at CSIS in Denmark located a couple of the C2 servers and discovered that one of them had an integrated money mule panel for several accounts in Latvia.
Source: https://threatpost.com/dyreza-banker-trojan-seen-bypassing-ssl/106671/