Exploit saves conversations as MP3 files to make detection more difficult, researchers say
Security researchers at Symantec have observed the public availability of source code for a Trojan that targets users of the Skype voice over IP service.
The Trojan has the ability to record audio from the computer -- including any Skype calls in progress -- and store the files locally in an encrypted MP3 file, where they can later be transmitted to the attacker.
The Trojan, which Symantec calls Trojan.Peskyspy, can be downloaded to a computer by tricking the user with an email scam or other social engineering tactic, Symantec says. Once a machine has been compromised, the threat can exploit an application that handles audio processing within a computer and save the call data as an MP3 file.
The MP3 is then sent over the Internet to a predefined server, where the attacker can listen to the recorded conversations, Symantec reports. "Recording the call as an MP3 keeps the size of the audio files low and means there is less data to be transferred over the network, helping to speed up the transfer and avoid detection," the company says.
The Trojan targets Windows API "hooks" -- a technique used to alter the planned behavior of an application, which Microsoft designed for use by audio applications. The Trojan compromises the machine and then uses the hooking technique to eavesdrop on a conversation before it even reaches Skype or any other audio application, Symantec says.
"At the moment, the risk posed by this threat is quite low, and Symantec has not seen any evidence of this spreading at this early time," the researchers say. "However, with source code now publicly available, malware writers can incorporate this type of functionality into their own customized threats."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024