Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
Shylock malware refers to any member of the Shylock family of banking Trojans that are characterized by their reliance on browser-based attacks and fake digital certificates in order to intercept network data traffic and inject code into websites of financial institutions.
The first was discovered in February 2011. Due to various references in its code to William Shakespeare’s "The Merchant of Venice", it was named for the character Shylock, an unscrupulous money lender.
The Shylock malware is designed to fool users into divulging login credentials and other account details by disguising itself as a customer service agent.
Some versions of the malware are able to open fake customer service chat windows in infected computers in order to prompt the user into giving up sensitive information. Later versions of Shylock attempted to detect whether users are running on a virtual machine, the standard environment used for virus research, and change its behavior, therefore making analysis more difficult and allowing the malware to spread unhindered for a longer period.
By January 2013, the Trojan had spread through Skype, a popular voice over Internet protocol (VOIP) and instant messaging (IM) application. Shylock outbreaks are localized around the UK region, as compared to other malware which infect randomly. Skype and IM users tend to have contacts that are located in the same locality, and rarely have contacts from other countries.
Skype replication is done through a plugin called msg.gsm, which adds features to Skype. It also allows hackers to execute files, inject HTTP codes into websites, set up virtual network computing (VNC), and even spread to other small drives and update CC server lists as well as upload files.
Techopedia’s editorial policy is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.
What are Tactics, Techniques, and Procedures (TTPs)? Tactics, techniques, and procedures (TTPs) are the strategic plans, methodologies, and actions an...
Margaret RouseTechnology Expert
What is AI Jacking? AI jacking is a new cybersecurity term that explains a specific kind of cyberattack targeting artificial...
Maria WebbTechnology journalist
What is a QR Code Phishing? QR code phishing, also known as quishing, is a type of cyberattack that involves...
Trending NewsLatest GuidesReviewsTerm of the Day