Shylock malware spreads through Skype

Shylock Trojan is a dangerous cyber infection that steals financial information and gains illegal access to bank accounts. The overall setup of Shylock has received an improvement now that it can spread via Skype and consequently it allows the Trojan to attack and infect devices that have the Voice-over-IP instant messaging client installed. The new function to spread through Skype has been added with a plug-in named “msg.gsm”.

With the new enhancement Shylock sends automated messages via Skype to unsuspecting users. These rogue messages travel along with files that infect the system in case users download and open them. What is more, the files are later on deleted from Skype’s history, making it hard to retrace the infection. Also, msg.gsm allows Shylock Trojan to bypass the warning prompt that appears on Skype whenever a third-party program tries to interact with it.

CSIS partner and security specialist Peter Kruse says that “Shylock is one of the most advanced Trojan-banker currently being used <…>. The code is constantly being updated and new features are added regularly”.

Although the general Shylock Trojan distribution is considered to be an entire world, the overall infection maps shows that most of the attacks are focused on the US, the UK and mainland Europe. With the Skype distribution branch added to Shylock’s setup, the geographic focus can be maintained. It is not the first time that a computer infection starts using an instant messaging program as a mean of distribution. MSN Messenger and Yahoo Messenger have once been (and still are) exploited for malware distribution as well. Keeping in mind that Microsoft will wrap up its MSN messenger service and move on to Skype on March 15th, Shylock made a very calculated move, adding the new plug-in.

However, Skype users are not the only one who should be careful about Shylock. This Trojan can also easily spread through removable rives and local networks. Therefore, it is important to exercise caution at all times.


Leave a Comment

Enter the numbers in the box to the right *