New Variant of Shylock Banking Malware Spread via Skype


Monday, January 21, 2013
Contributed By:
Pierluigi Paganini


(Translated from the original Italian)

The news is very concerning: a new variant of the banking malware known as Shylock has been detected, and it includes the capability to spread over Skype.

Shylock is an old acquaintance of the security community; the malware was first detected in 2011 by experts from the firm Trusteer. It is used to steal banking credentials from its victims and is considered one of the most insidious cyber threats to banking.

The first version of the malware demonstrated an improved methodology for injecting code into the browser to remotely control the victim, and an improved evasion technique to prevent detection by common antivirus software.

Curiously, the malware takes its name from Shylock, the money lender in Shakespeare's opera The Merchant of Venice.

Like many other malware families (e.g. Zeus), it has been updated over time; in many cases the malware has been provisioned through the malware-as-a-service model adopted by its author to implement various requests of the clients.

The news was published by researchers from CSIS Security Group, who revealed that the authors of the malware have implemented a plugin named "msg.gsm" that allows the code to spread through the popular VoIP client, including the following functionality:

  • Sending messages and transferring files
  • Cleaning messages and transfers from Skype history (using SQLite access to Skype%smain.db)
  • Bypassing the Skype warning/restriction for connecting to Skype (using “findwindow” and “postmessage”)
  • Sending requests to the server: https://a[removed]s.su/tool/skype.php?action=...

 

Full Article

 

TH


 


Webroot® SecureAnywhere™ Internet Security Complete Beta Tester v9.0.11.70 on my main system Alienware 17R2 with Windows 10 Enterprise x64 Version 1607 (Build 14393.82) & HTC One M8 Android 6.0 Marshmallow with WSA Mobile Complete v3.7.1.7660 which is full Cloud now as well!


 Microsoft® Windows Insider MVP - Windows Security


    


Re: New Variant of Shylock Banking Malware Spread via Skype

I do not use Skype much at all, so currently this will not affect me. However, I can see how this should be a major concern for all Skype users, and I imagine that Shylock (or some variant) will spread further through a different method.
___________________________________________________________
Corey B.
Protected by Webroot



Re: New Variant of Shylock Banking Malware Spread via Skype

Thanks TH for posting. Good read. ;)

Sr. Expert Advisor


WEBROOT SecureAnywhere™ Internet Security Complete. Beta Tester.


No Wait For Security Updates ~ It's Done In The "Cloud" Continuously 24 / 7 ~ 365.

Late 2015 5K 27" Mac, 4GHz i7, 16GB RAM, 1TB Fusion Drive, El Capitan, 10.11.6 / Windows 7 x64.


 





Re: New Variant of Shylock Banking Malware Spread via Skype

I guess this nasty malware will spread over the social networks very soon. I hate all of this: Facebook, Twitter, Google+, and Skype included.

Sr. Expert Advisor


Re: New Variant of Shylock Banking Malware Spread via Skype


pegas wrote:

I guess this nasty malware will spread over the social networks very soon. I hate all of this: Facebook, Twitter, Google+, and Skype included.


I agree with you on that. ;)

Sr. Expert Advisor




 




Threat Researcher

Re: New Variant of Shylock Banking Malware Spread via Skype


Chat clients have long been a popular attack vector for malware authors, and with Microsoft moving from Messenger to Skype we can expect to see more malware using Skype to spread.

Webroot Threat Research

Re: New Variant of Shylock Banking Malware Spread via Skype

You know, a lot of elderly people use Skype to communicate with their families. I can see where these folks, who do not know much at all about computer security, can get in trouble. Many of them use their computer to Skype with family, and check on their bank and other financial accounts.

 

Big business for the bad guys.

___________________________________________________________
Corey B.
Protected by Webroot



Re: New Variant of Shylock Banking Malware Spread via Skype

Skype came pre-installed on our Toshiba Satellite laptop that my Wife uses. That was one of the many pre-installed programs I uninstalled.

 

Sr. Expert Advisor




 





Re: New Variant of Shylock Banking Malware Spread via Skype


ProTruckDriver wrote:

Skype came pre-installed on our Toshiba Satellite laptop that my Wife uses. That was one of the many pre-installed programs I uninstalled.

 


While you can uninstall Skype and other similar programs from a Microsoft OS, you can't do that on Android devices unless they're rooted, which is a shame. I have Facebook, Twitter and others preinstalled on my Android device, but I can't uninstall them due to the said restriction.

Sr. Expert Advisor


Re: New Variant of Shylock Banking Malware Spread via Skype

As my tagline states... I am here to learn.  So... that means time for what may be a stupid question for some of you.

 

How is the transmission of this obtained in Skype?  Is it able to infect simply by communicating with an infected user, or does it need to be transmitted as part of a link/image/file?


David

         




"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)