"All that glitters is not gold"

The prodigious Shylock man-in-the-browser (MitB) banking Trojan is still being upgraded as part of a campaign to migrate from its traditional targets in UK financial services to foreign ones, Symantec has reported.

Malware platforms are constantly evolving but the new Shylock modules wouldn’t sound out of place on a high-end commercial software product.

These include a new DiskSpread utility that allows the Trojan to infect external and USB drives, a plug-in for scraping FTP and other passwords, and something called ‘BackSocks’ which turns the compromised PC into a proxy server.

Other features include Archiver, a utility for compressing video files so they can be more easily uploaded to a remote server, and a ‘VNC’ facility to give criminals a remote connection to the victim’s computer. There is even MsgSpread, an add-on that gives Shylock a way of spreading itself using Skype connections, a feature that was first noticed in January.

Shylock can also load balance, shifting incoming traffic from victims from server to server as demand dictates.

What is unusual about Shylock is the extent to which it has favoured attacking a wide range of UK banks since appearing in late 2011. That might or might not explain why every revision of its binaries adds more fragments from the Merchant of Venice – or this could just be a simple way of changing its file signature.

Importantly, from roughly last October onwards it started diversifying its aim towards Italy and the US so the national focus could just be a means of exhausting one set of institutions before moving on to less protected targets.

“As some financial institutions become less desirable as targets, either due to increased security measures or a lack of high-value business accounts, Shylock is refocusing its attacks on those offering potentially larger returns,” said Symantec.