Shylock malware has taken a hit from Europol


by Jimmy Nicholls | 11 July 2014

Those who bank in the UK are now that little bit safer.

Europol has seized control of domains and servers used to propagate the Shylock malware, which has been used against banks around the world.

Also known as Caphaw, the malware is claimed by the international police group to have infected at least 30,000 computers running Windows worldwide, with the UK being the prime target.

Andy Archibald, deputy director of the National Crime Agency's (NCA) cyber crime unit, said: "The NCA is coordinating an international response to a cyber crime threat to businesses and individuals around the world.

"This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK."

Shylock works by intercepting online banking activity to steal credentials, with the gang who exclusively control it likely based in Russia or eastern Europe, according to security firm Symantec.

"The attackers have a professional attitude and Shylock has been continually updated in response to security countermeasures employed by targeted banks," it said.

Hackers are said to have used a variety of tactics in distributing the malware, including malvertising, fake web browser updates and emailing infected PDF attachments.

Yet Symantec believes the main source of infection is exploit kits such as Blackhole or Styx, which allow hackers to deliver malware on a local basis.

The UK is believed to have been targeted by the group due to its relatively small number of banks and high rate of online banking, though countries such as Italy, the US and Turkey have also been affected.

"Since the attackers have to tailor the malware to perform attacks on individual banks, this makes the UK market doubly attractive," Symantec added.

It estimates the gang has stolen several million dollars since the creation of the virus in 2011, with more than 60,000 infections detected within the last year.

Source: Company Press Release
