Scylex malware Kit offered for sale in the criminal underground

Experts from Heimdal security firm discovered a new crimeware kit, the Scylex malware kit, that aims to provide Zeus-grade Capabilities.

Security experts from the Heimdal security firm have discovered a new DIY financial crime kit offered for sale on a notorious malicious hacker forum on the dark web called Lampeduza.

The new crime kit, dubbed Scylex malware kit, allows cyber criminals to roll their own ZeuS-like malware. The malware implements the features of common banking trojan, such as stealing online banking passwords, intercept web traffic and of course establish a backdoor on the infected Windows-based machine.

The authors are offering the Scylex malware kit for $7,500+ on the Lampeduza dark web forum, the same forum where card details of the 2014 Target data breach were recently offered for sale.

For an additional $2,000, the buyer can receive the SOCKS5 (Socket Secure) support, which enables attackers to manipulate data transfers between a user’s PC and a specific server through a proxy.

The authors are also offering a “premium” package of the Scylex malware kit that costs $10,000 and includes a HVNC (Hidden Virtual Network Computing) module.

“Hidden VNC is probably one of the most complicated malware features to code and essentially requires coders to implement their own window manager, which is why there are very few unique implementations in the wild (most malware uses a single implementation unimaginatively named HVNC).” states the advertising.

“So far, Scylex hasn’t been spotted in the wild, so the claims made in the advertisement posted on Lampeduza forum can’t be verified at the moment. However, both the video and the detailed description of what this new financial malware can do are strong evidence that the crime kit may indeed be real.” states the post published by Heimdal security.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Scylex malware kit, cybercrime)