A wiretap Trojan is a type of Trojan virus that records VoIP calls and IM conversations. In the case of VoIP calls such as Skype, the audio data is captured before it can be encrypted and sent over the Internet, and is then saved as an MP3 file locally on the infected computer. Messages from an IM application can likewise be saved to a kind of text file before being encrypted and sent online. The Trojan includes a backdoor that allows the hacker to retrieve the saved files, or the Trojan can simply send them to an anonymous address.


Wiretap Trojans are infamous for being used by hackers and government authorities alike, since wiretapping, according to government authorities, helps ensure national safety by providing clear intelligence that they can act on immediately if the need arises. A wiretap Trojan is like any other Trojan in the way it infects and runs on a host computer; the only difference is its function.

A famous example of a wiretap Trojan, and possibly the first, is Trojan.PeskySpy, which surfaced in 2009 and specifically targeted Skype calls and instant messages. This type of Trojan was believed to have been created because of the surge in popularity of VoIP programs, Skype specifically. However, it is believed that the Trojan does not exploit inherent flaws in Skype’s programming; rather, it captures the audio by intercepting the messages passed between Skype and the underlying OS API calls to the audio device, and then saves the audio locally as MP3 files. Because the capture happens before Skype encrypts the audio data for sending over the Internet, that encryption is bypassed. The Trojan itself creates a backdoor in the infected computer to allow the attacker to send the recorded calls to a predetermined location.

Another major example of a wiretap Trojan is the so-called R2D2 Trojan, also known as 0zapftis, which was believed to have been used by the German government in 2011 to monitor Skype, IM and VoIP calls of alleged criminals and terrorist suspects. The use of a Bundestrojaner, or federal Trojan, is permitted to an extent under German law.


