A Trojan dropper malware that’s been active since early 2011 has recently developed features that make it currently undetectable via remote connections.
Shylock, named after the ruthless money lender in Shakespeare’s ‘The Merchant of Venice’, steals bank information from compromised computers. Like many Trojans, it initially infects through phishing emails or drive-by downloads, then injects code into browsers that records keystrokes. Shylock then simply sits idle until the user visits one of the targeted sites.
The malware rewrites Windows processes and conceals itself in the memory of the endpoint device. Originally detected back in February of 2011, recent versions of the Trojan have been developed to avoid detection over remote connections, the method of choice for many security researchers.
Altering code to elude remote desktop software is a new method of concealing a presence. Previous techniques have included monitoring mouse movements, network scanning and sandbox mechanisms.
Malware authors know it’s only a matter of time before security researchers develop the tools to detect the supposedly ‘undetectable’.