Security Researcher at Symantec have discovered a new version of the Shylock financial Trojan that comes with a cleverly designed configuration file. The Trojan configured such that it can inject attacker-controlled phone numbers into the contact pages of online banking websites.
The Shylock Trojan, named after a character from Shakespeare's The Merchant of Venice, was first discovered in September 2011 and its main purpose is to steal online banking credentials and other financial information.
So, The victim infected by this trojan will make call to attackers instead of the bank if they become suspicious during an online banking session. The victims won't know that it is fake number, unless he realize that he was infected by this malware.
"The numbers being used by the attacker are easy to create online and are disposable. When we attempted to call an injected fake telephone number, we were told the number had changed and we needed to call 08444101010 instead. We attempted to call this new number several times, but it rang without answer.:" Symantec researcher said.
"While the exact motive of the attackers is not clear, we speculate that it is either an attempt to extract sensitive login credentials from victims during a telephone conversation or an attempt to block victims from notifying their bank of a problem with their account, giving the attackers more time to perform activities."
According to analyse report, Trojan.Shylock is specifically targeting UK online banking websites.
