Shylock refers to a family of malware that relies on browser-based man-in-the-middle (MITM) attacks and fake digital certificates to intercept network traffic and inject code into banking websites. The Shylock malware was first discovered in February 2011 and derives its name from references in the code to Shakespeare’s The Merchant of Venice.
The Shylock malware code is designed to trick customers into providing banking login and account details to hackers instead of to the bank’s customer service department. Some Shylock strains even have the ability to open a fake customer service chat window on an infected computer to enable cybercriminals to prompt the user for their sensitive account information.
Newer strains of the Shylock malware have added the ability to detect whether the malware is running in a virtual machine (VM) that’s being analyzed by malware researchers. The Shylock malware does this to help make analysis more difficult and avoid detection by security researchers.
Virtual machines are frequently employed by security teams to test programs in simulated environments to more easily detect malicious behavior. When the Shylock malware detects it is being run in a virtual environment, the code will shut down the program.
Featured Partners Sponsored
- Increase worker productivity, enhance data security, and enjoy greater energy savings. Find out how. Download the “Ultimate Desktop Simplicity Kit” now.»
- Find out which 10 hardware additions will help you maintain excellent service and outstanding security for you and your customers. »
- Server virtualization is growing in popularity, but the technology for securing it lags. To protect your virtual network.»
- Before you implement a private cloud, find out what you need to know about automated delivery, virtual sprawl, and more. »