Shylock Malware Returns, Refreshed

The Boston-based in-browser security vendor Trusteer issued a warning this week about the return of “Shylock” (“with a vengeance”). Shylock is a polymorphic financial malware variant that the company discovered last September and that has started reappearing on end-user machines. But you shouldn’t fret, since this malware is primarily aimed at global financial institutions. According to a blog post by Trusteer CTO Amit Klein, Shylock got its name from Trusteer, who felt it was only appropriate since “every new build bundles random excerpts from Shakespeare’s ‘The Merchant of Venice’ in its binary”. Klein went on to explain the purpose of these excerpts: “These are designed to change the malware’s file signature to avoid detection by antivirus programs.”

Klein said in an interview that certain hints in Shylock’s terminology definitely suggest it is coming from Russia or the Ukraine, but its producer and location remain uncertain for now. He added that they have yet to find the source, since “These are very difficult to track”.

Klein declared that the authors of Shylock are “running a surgical operation” aimed at very specific targets – some payment card providers, a dozen or so large banks and several web mail providers. According to Trusteer, this malicious software amounts to “customized financial fraud capabilities for the malware, including an improved methodology for injecting code into additional browser processes to take control of the victim’s computer.”

This is not a widespread problem yet, but the company has received some reports from different banks regarding compromised machines where fraud took place before the machines had been cleaned.

Klein believes that Shylock has not been seen much in recent months because it was most probably being improved and developed.

He said that “It is malware in progress”. Since the last version, “they keep throwing in new features, and perhaps have decided it’s stable enough to distribute.”

© 2012 ProReview.net - Professional Reviews and News