Shylock malware refers to any member of the Shylock family of banking Trojans that are characterized by their reliance on browser-based attacks and fake digital certificates in order to intercept network data traffic and inject code into websites of financial institutions.
The first member of the family was discovered in February 2011. Because its code contains various references to William Shakespeare's "The Merchant of Venice", it was named after the character Shylock, an unscrupulous money lender.
The Shylock malware is designed to fool users into divulging login credentials and other account details by disguising itself as a customer service agent.
Some versions of the malware can open fake customer service chat windows on infected computers to prompt the user into giving up sensitive information. Later versions of Shylock attempted to detect whether users were running on a virtual machine, the standard environment used for virus research, and changed their behavior accordingly. This made analysis more difficult and allowed the malware to spread unhindered for a longer period.
By January 2013, the Trojan had spread through Skype, a popular Voice over Internet Protocol (VoIP) and instant messaging (IM) application. Shylock outbreaks are localized around the UK region, in contrast to other malware, which infects randomly. Skype and IM users tend to have contacts located in the same area and rarely have contacts in other countries.
Skype replication is done through a plugin called msg.gsm, which adds features to Skype. The plugin also allows hackers to execute files, inject HTTP code into websites, set up virtual network computing (VNC), spread to other small drives, update command-and-control (C&C) server lists, and upload files.