New slicker Shylock Trojan hooks into Skype

The Shylock banking Trojan has been revamped with extra features that allow the malware to spread using the chat function of Skype, the popular Voice over IP application.

Shylock can now roam the Skype network thanks to a new propagating plugin called “msg.gsm”. This component also adds functionality including the ability to send messages and transfer files using Skype, the ability to bypass Skype warnings and restrictions as well as the facility to clean messages and transfers from Skype history.

Besides the new ability to spread through Skype, Shylock can also spread through local shares and removable drives. Infection by the Trojan allows cybercrooks to steal cookies, inject HTTP into a website, set up VNC (allowing remote control of compromised desktops), and upload files, among other functions.

Read more: New slicker Shylock Trojan hooks into Skype • The Register

Thanks :-TU
Seems every day brings more threats :frowning:
I personally went right off Skype when Microsoft bought it, but that’s another story…

Indeed. How come? Share plz :slight_smile:

Most users are still under the impression Skype calls are private…

Thanks. Very good info. I use Skype very rarely now since the ransomware issue.

It’s a shame as it was a near perfect app

Does anyone know whether CIS can detect and ‘stop’ the Shylock Trojan? I searched for “msg.gsm” on the Comodo main page, but it provided no results.

Microsoft has replaced their messenger with Skype, so that just increases the user base to be infected.

Skype is a trusted vendor when using CIS… will this trojan have “authorized” access because of that? Will CIS keep protecting us even when Skype is automatically trusted?

Very good Q. No, Comodo AV will stop it once it gets to your system if Comodo did add a signature for it.

Having said that: “Shylock is one of the most advanced Trojan-banker currently being used in attacks against home banking systems,” wrote Peter Kruse on the CSIS blog. “The code is constantly being updated and new features are added regularly.” So a new form of it might not get detected. Let’s hope that heuristics can stop it.

Edit: Also, trusted or not, Comodo firewall will let you know if Skype is behaving strangely, and so will Def+. But first you must get infected; it’s not like it’s in auto-mode running by itself.

That’s why relying on detection as a way of “defense” is not good

How will that happen?

True. With such an infection it would prob ‘call home’, which will create a firewall alert. As for Def+, anything which will try to modify your system.

Thanks for your answers. :-TU