A new and potentially very dangerous malware named Scylex has been custom-made to infect banks and other financial institutions. It is being distributed as a kit in an underground criminal forum. Details about it show that it is built to commit financial crime on a large scale. Scylex is a complex threat that can potentially cause a lot of damage and has already alerted a number of security experts and companies.
The Features of Scylex
Information on the malware was posted by a researcher from Heimdal Security in Denmark this week. The kit is being sold on Lampeduza, an infamous criminal community where malicious tools are traded. Scylex carries a hefty price tag of 7500 dollars, and its buyers get the following features:
- User-mode rootkit
- Web injects
- SOCKS5 reverse proxy with backconnect capabilities
- Works without administrator privileges
- Guaranteed to work even on slow Internet connections
If the malicious users pay an extra 2000 dollars, they can get expanded features, such as the SOCKS5 reverse proxy. Scylex is also available in a “premium” package that includes an HVNC (Hidden Virtual Network Computing) module. This is one of the most complex malware features.
The malware-as-a-service model offers regular updates and other extras that give the criminal users powerful tools for use against corporate targets. The creators of the malware have even published a roadmap of upcoming functionality to be added in later versions:
- Form grabber + Injects support on Microsoft Edge & Opera
- Spreader (Social networks, PE Infection, Device propagation)
- Reverse FTP (Silent file system ex-filtration) with backconnect
- ATS-Engine (to-be-integrated into web-injects), we will write our own
- DDoS module (aimed for max efficiency/output like specific DDoS bot)
- Click Bot (CPM/PPC)
No Scylex Attacks Have Been Reported Yet
The malware kit is being sold with a demonstration video against HSBC, which serves as an ad showcasing its features.
Such custom-made solutions can become a very serious threat, especially when they are produced with such complex feature sets. So far no major attacks using Scylex have been reported. Security experts note that the malware kit is designed for malicious users with advanced technical skills. This means that its effects may be more limited in quantity, but more devastating if executed successfully.