DHS formally sounded the alarm Monday on Dyre, the banking Trojan that s been spotted siphoning banking credentials from large enterprises and major financial institutions. The warning came in the form of an alert from the United States Computer Emergency Readiness Team (US-CERT) The malware is spread through spam and phishing emails, which are now using malicious PDF attachments that leverage vulnerabilities (namely CVE-2013-2729) in old, unpatched versions of Adobe Reader to download the malware. Once downloaded, it captures user login information and sends that on to attackers.
Source: https://threatpost.com/us-cert-warns-of-dyre-banking-trojan/109056/