A new Trojan is targeting Skype users. This malware is capable of copying information from a user's PC, recording Skype conversations and taking screenshots of the desktop.
Security researchers at Palo Alto Networks identified Trojan T9000, a modified version of the earlier T5000 backdoor malware family discovered in 2013 and 2014, lurking in Skype files. The malware lurks inside a file within the Skype folder and is capable of peeping into other data stored on the device and copying it to the attackers' command-and-control (C&C) server.
"T9000 allows the attacker to capture encrypted data, take screenshots of specific applications and specifically target Skype users," Josh Grunzweig and Jen Miller-Osborn of Palo Alto Networks said in a research note. Microsoft, which owns Skype, has yet to comment on the discovery of the new Trojan.
According to the researchers, T9000 has evolved over time to counter existing anti-virus and anti-malware software. It apparently uses unconventional and complicated anti-analysis techniques to get access to user data such as files, media, passwords, usernames and other information.
"The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed. It uses a multi-stage installation process with specific checks at each point to identify if it is undergoing analysis by a security researcher," Palo Alto Networks said.
The researchers have recommended that users avoid clicking on any link named "explorer.exe" to use Skype.
The products mentioned in the report that failed to identify the Trojan are:
- Trend Micro