Wednesday, 10 February 2016
Sophisticated Malware – T9000 Backdoor Can Spy On Skype Users And Steal Their Files
Researchers recently discovered a new Trojan that can record the audio, video and text communications of Skype users and steal files from their affected devices. It is a new variant of the T5000 malware family, which was linked to cyber-espionage activities allegedly carried out by the Chinese government.
The T9000 can find a way onto a user’s computer through malicious RTF files. It then launches a multi-stage installation process in which it checks for security products installed on the affected computer and finds a way to bypass them. The malware then piggybacks on a legitimate Windows executable, dropping files onto the victim’s computer to steal specific types of personal information and files.
For Skype users, the malware will present them with a dialogue box that says “Explorer.exe wants to use Skype (Allow/Deny)”. Once allowed, it will record video calls, audio calls and chat messages and forward them to the cybercriminal who executed the attack.
The malware can also take screenshots of the victim’s desktop. All of these functions have been tested and confirmed by Palo Alto Networks researchers who discovered the existence of the T9000.
“The author of this backdoor has gone to great lengths to avoid being detected and to evade the scrutiny of the malware analysis community,” Palo Alto Networks said in a blog post about the T9000. The malware is particularly advanced given that it can adapt to different situations to ensure that it makes its way onto a targeted PC.
Culled from: LifeHacker Australia