Are YOUR Skype chats being watched?

  11 February 2016    Read: 1410
Are YOUR Skype chats being watched?
A malicious computer program is targeting Skype users and listening in to their conversations, security experts have warned.
The Trojan, called T9000, was spotted by experts at Palo Alto Networks, who call it `backdoor malware`.

The researchers also warned it is so sophisticated, it can hide from even the most popular anti-virus software, making it extremely difficult to detect.

For example, Norton, AVG, McAfee, Kaspersky, Trend Micro, Bitdefender and Sophos were all said to have failed to identify the malware during the researcher`s tests.

`The primary functionality of this tool is to gather information about the victim,` warned Palo Alto`s security researchers Josh Grunzweig and Jen Miller-Osborn.

`In fact, the [Trojan`s] author chose to store critical files in a directory named "Intel".`

`T9000 is pre-configured to automatically capture data about the infected system and steal files of specific types stored on removable media.`

Computers become infected by the malware when a user opens a malicious Rich Text Format (RTF) files, software used by popular word document programs such as Microsoft Word.

The Trojan is said to involve what`s known as a multi-stage installation process and checks at each point for any installed anti-virus programs.

The full list of programs that the Trojan scans is available from Palo Alto Networks.

After checking everything, T9000 installs itself and then collects information stored on the infected system, sending it to the hacker`s server.

The malware is said to have spread originally via spear phishing emails sent to organisations in the US.

Spear phishing is an e-mail spoofing fraud attempt that targets a specific group or organisation.

The intent is to steal intellectual property, financial data, trade or military secrets and other personal information.

However, researchers believe this new backdoor malware is so sophisticated it can adapt to be used against any victim that a cybercriminal wishes to hack.

`The author of this backdoor has gone to great lengths to avoid being detected and to evade the scrutiny of the malware analysis community,` added Palo Alto.

The T9000 is a more advanced version of an older backdoor Trojan called the T5000, which was first identified in 2013 targeting the automotive industry.

It was used again in 2014 in an attack using a lure related to the disappearance of Malaysian flight MH370.

Despite Palo Alto observing the T9000 being used in multiple targeted attacks against organisations based in the US, the firm has warned that tool is intended for use against a broad range of users.

Users should be weary of receiving a message that reads: `explorer.exe wants to use Skype` when starting up the chat program.

This indicates a Trojan module has been downloaded and executed.

Security experts are also working to update their anti-virus software and advise people to keep their software up-to-date.

More about:  


News Line