A new threat targeting Skype users has been identified. Dubbed T9000, it is a backdoor trojan that can infect a victim’s machine to steal files, take screengrabs, and record conversations. According to researchers, the malware uses a multistage execution flow, which starts when a victim opens an RTF file that contains exploits for specific vulnerabilities. The malware starts by checking for the presence of cyber defense solutions and malware analysis tools, including those offered by most leading suppliers. It collects information on the target system and sends it to its command and control server; the control infrastructure then sends specific commands to the bot based on the identified characteristics of the infected machine.
According to researchers, in addition to the basic functionality all backdoors provide, T9000 allows the attacker to capture encrypted data, take screenshots of specific applications, and specifically target Skype users.
T9000 appears to be a hybrid variant of another piece of malware, dubbed T5000, that was detected in the wild two years ago.
For further information, see Cyber Defense Magazine.