14 DAY TRIAL // Shylock, the banking Trojan whose names stems from Shakespeare's “The Merchant of Venice,” is constantly being improved by its developers. According to Symantec, cybercriminals have started adding some interesting new features.
The latest variants of the Trojan rely on complementary modules to enhance its functionality. Once it infects a computer, the malware starts downloading and executing various modules for archiving video files, turning the hijacked computer into a proxy, spreading over non-fixed drives, spreading via Skype, and for collecting saved passwords.
The infrastructure has also been improved, three groups of servers being utilized to make sure the command and control structure is robust.
So far, Shylock – which relies on man-in-the-browser attacks to steal user credentials, and on social engineering tactics to trick victims into performing fraudulent transactions – has been mainly targeting financial institutions from the United Kingdom.
However, over the past months, the cybercrooks have started targeting other countries as well, such as Italy and the United States.
Besides the banking sector, the malware now also targets the finance sector, job websites, credit unions, payment solutions providers, credit card companies and even post offices.