Computer security experts from Heimdal Security and CSIS Security Group have come across a new banking Trojan kit called Scylex. The malware is advertised on the dark web. It has yet to be found on a device.
The advertisement for the kit states that Scylex is an entirely new concept. If this is the case, there is great potential in the virus. Banking Trojan developers have lacked originality in the past few years. Many programs have been built around the Zeus Trojan, sharing the same source code. Since the code of Zeus has been studied in detail, the programs with the same core concept are easy to crack.
The hackers behind Scylex are pushing the idea that the original concept would make the Trojan less susceptible to detection. New code would need to be examined before anti-malware programs can begin to recognize it. The process could take a while.
The Scylex Trojan kit is offered for $7,500. The software package includes a few features. The core part of the program is a rootkit. The Trojan has modules for stealing data from web forums. There are special features for injecting content into web pages, conducting tasks without having admin privileges and working via slow Internet connections. Finally, the kit provides a SOCKS5 reverse proxy.
The advertisement for Scylex offers a couple of extended packages. For $2,000, the cyber criminals will provide full SOCKS5 support. This allows the proprietor to record data to his own server through a SOCKS5 proxy.
A premium package for $10,000 provides support for HVNC (hidden virtual network computing). This is an advanced feature, used for creating virtual desktops. A virtual desktop gives hackers access to the victim’s device.
Scylex is still in the works. The advertisement discloses that additional features will be released later on. There will be support for the Microsoft Edge and Opera web browsers, as well as for reverse FTP. A “spreader” module will be included to assist the distribution of the program. To allow transactions to be performed from hijacked banking accounts, an AT engine will be introduced. The final feature on the pending list is a DDoS and click-bot module. This will further enhance the Trojan’s penetration capability.