You’ve probably run into people who say “I use Skype. It’s good and it’s free.”, or may even be an advocate of it yourself. However, what most people don’t know is that behind this application, sensitive information can be compromised.
A new banking Trojan called Shylock has been upgraded with new functionality: the capability to spread over Skype. Shylock obtains its name by a character Shakespeare’s “The Merchant of Venice”, and was originally discovered back in 2011. This Trojan steals online banking credentials and other financial information from infected computers. The sophisticated Trojan is currently being used in attacks against home banking systems, and the code is constantly being updated, with new features added regularly.
As per the Hacker News and security research from CSIS Security Group, this infectious program over Skype is based on a malicious plugin called msg.gsm. Msg.gsm allows the malware to send messages, transfer files, clean messages and transfers from Skype history, and even bypass the Skype warning for connecting to servers.
Besides the new ability to spread through Skype, Shylock can also spread through local shares and removable drives. Infection by the Trojan allows hackers to steal cookies, inject HTTP into a website, set up VNC, and upload files, among other functions. The program also bypasses the warning and confirmation request that Skype displays when a third-party program tries to connect and interact with the application, so you will never be warned or alerted about this hack.
CSIS has designed and published a map where they show the distribution of Shylock infections all over the globe. There’s a high concentration of victims in the UK. However, there are also many Shylock-infected computers throughout mainland Europe and the US.