The Dark Web is a place where anything can be found. Cyber criminals can often buy malware there, at the right price, for their specific hack. A popular target for cyber criminals has always been financial institutions. History is loaded with cases of hackers using malware to rip off banks for large sums of cash. This specific class of malware, called banking trojans, may have a new addition soon. Reports have emerged from the Dark Web about adverts for a banking trojan named Scylex, which was uncovered by researchers at Heimdal Security.
In a blog post, Heimdal Security posted the advertisement from the mysterious seller, which stated, "Scylex? It’s not a copy of ZBerp like the rest of the market. It is a banking Trojan written 99% from scratch in C++. The goal is to bring back to the scene what Zeus/SpyEye, Citadel, ZeroAccess left behind, and introduce a brand new solution as well." The basic premise behind the banking trojan is to offer an all-in-one package for an assault on banking systems. Scylex's abilities include form-grabbing, DDoS (via a soon-to-be-added DDoS module), working quickly even with slow bandwidth, and manipulating PC-to-server data transfers via a SOCKS5 proxy.
Even though this report has indicated a potentially devastating form of banking trojan, there is a possibility that Scylex is not operational yet (or even real). The Heimdal Security report notes that "so far, Scylex hasn’t been spotted in the wild, so the claims made in the advertisement posted on Lampeduza forum can’t be verified at the moment." Although there is a possibility that Scylex may be a scam to get gullible script kiddies to purchase bunk software, the evidence, especially the intricate description of the malware, still shows that Scylex is in fact a real threat.
Heimdal Security warns that this new strain of malware can cause a massive crisis, noting that "banks and other financial institutions could once again come face to face with a cyber threat capable of creating mayhem." Ultimately, security researchers should add Scylex to their list of existing and potential banking trojans.