Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty.
The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the machine.
The gear is priced at $7,500+ in new adverts seen in underground crime forums. The banking trojan toolkit was advertised on Lampeduza, a dark web forum where card details from the 2014 Target data breach were recently sold.
Scylex aims to continue the Gameover Zeus legacy, but without reusing any code from the earlier cybercrime utilities.
"The goal is to bring back to the scene what Zeus/SpyEye, Citadel, ZeroAccess left behind, and introduce a brand new solution as well," as the unknown crooks behind the malware explain it.
The cybercrook tools are said to feature multiple functionalities – rootkit, form-grabber and web injects – as well as a development roadmap. For an additional $2,000, would-be crooks get access to SOCKS5 (Socket Secure) support, which enables attackers to manipulate data transfers between a user's PC and a specific server through a proxy. A "premium" package costing $10,000 adds a hidden virtual network computing (HVNC) module. The ad features a demo video of the malware in action.
Future capabilities on the roadmap include a DDoS module and a click bot for ad fraud.
It's a convincing and detailed pitch. Although the real capabilities of Scylex remain as yet unconfirmed, the danger it potentially represents is being taken seriously by security researchers. The full advertisement is reproduced in an alert by Heimdal Security.
"So far, Scylex hasn't been spotted in the wild, so the claims made in the advertisement posted on Lampeduza forum can't be verified at the moment," writes Andra Zaharia, marcom manager at Heimdal Security.
"However, both the video and the detailed description of what this new financial malware can do are strong evidence that the crime kit may indeed be real."