Security experts from the Palo Alto Networks company have discovered a new Trojan aimed at stealing data from Skype for Desktop
. On successful computer infecting, T9000 performs three tasks:
- If Skype program is running, the Trojan records the conversation, audio and video calls, as well as every 20 seconds makes screenshots.
- On all system and removable drives steal documents of various formats (including doc, docx, ppt, pptx, xls, xlsx), herewith doing encrypted copies.
- Tracks the operating system functions such as create/delete/copy/move files or directories, copy to clipboard, encrypt and decrypt data, and others.
It is important to note that at first run of the Trojan, Skype will give out a warning that «explorer.exe wants to use Skype»:
If you receive such message, it is important to press the "Deny access" button. After that, be sure to scan your computer for viruses. Even if you have not received such warning, go to Skype → Tools → Options → Advanced → Advanced settings
, click on "Manage other programs' access to Skype" and make sure that no programs have access to Skype API.
It should still be noted that the Trojan T9000 is distributed through phishing messages in which the user is invited to view a .rtf file. While opening this file the computer become infected, after what the trojan begins to perform "its job". Therefore, remember once and forever — never
run files from unknown or suspicious sources.