What is Shylock Malware?
Shylock malware refers to any member of the Shylock family of banking Trojans, which rely on browser-based attacks and fake digital certificates to intercept network traffic and inject code into the websites of financial institutions.
The first member of the family was discovered in February 2011. Because its code contains various references to William Shakespeare's "The Merchant of Venice", it was named after the character Shylock, an unscrupulous moneylender.
The Shylock malware is designed to trick users into revealing login and other account details by masquerading as a customer service representative.
Some versions of the malware can open fake customer service chat windows on infected computers to prompt the user to reveal confidential information. Later versions of Shylock attempted to detect whether they were running in a virtual machine, the default environment used for virus research, and changed their behavior accordingly, which made the malware more difficult to analyze and allowed it to spread unhindered for a longer period of time.
In January 2013, the Trojan spread through Skype, a popular Voice over Internet Protocol (VoIP) and instant messaging (IM) application. Compared with other malware infections, Shylock outbreaks are localized to the UK region. Skype and IM users tend to have contacts in the same place and rarely have contacts in other countries.
Skype replication is done through a plug-in called msg.gsm, which adds functionality to Skype. Attackers can also execute files, inject HTTP code into websites, set up virtual network computing (VNC), spread the malware to other small drives, update command-and-control (C&C) server lists, and upload files.