Trojan T9000 Bypasses Antivirus Suites to Spy on Skype Calls, Chats: Report

A newly discovered sophisticated backdoor trojan named T9000 is said to be targeting Skype users. The trojan steals information of a user by recording the conversation and capturing encrypted data. Furthermore, security researchers are warning that T9000 is also able to take screenshots of different applications on the victim’s computer.

T9000 is designed to collect information from the victim’s system by eavesdropping on Skype application, wrote security researchers from Palo Alto Networks. It does so by recording video and audio calls and capturing all the chat messages. T9000 creates a folder called Intel on the victim’s system where it stores all the stolen information.

T9000 is a new variant of the old T5000 malware family. Researchers noted that developers of T9000 have made it harder for a security suite to detect it. The sophisticatedly designed T9000 circumvents as many as 24 potential security suites on a system by altering its installation procedure.

“The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed,” the team wrote in a blog post. “It uses a multi-stage installation process with specific checks at each point to identify if it is undergoing analysis by a security researcher.”

T9000 has been found targeting organisations in the United States, but researchers warn that the malware’s functionality is intended for a broad range of users. A Skype user needs to be alerted about suspicious activities on their computer. Researchers noted that users must decline explorer.exe’s request to access Skype app, as this apparently facilitates the attack.


Categorized in: