Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Scylex malware Kit offered for sale in the criminal underground

Experts from Heimdal security firm discovered a new crimeware kit, the Scylex malware kit, that aims to provide Zeus-grade Capabilities. Security experts from the Heimdal security firm have discovered a new DIY financial crime kit offered for sale on a notorious malicious hacker forum on the dark web called Lampeduza. The new crime kit, dubbed Scylex malware kit, […]

Scylex malware Kit offered for sale in the criminal underground

Experts from Heimdal security firm discovered a new crimeware kit, the Scylex malware kit, that aims to provide Zeus-grade Capabilities.

Security experts from the Heimdal security firm have discovered a new DIY financial crime kit offered for sale on a notorious malicious hacker forum on the dark web called Lampeduza.

The new crime kit, dubbed Scylex malware kit, allows cyber criminals to roll their own ZeuS-like malware. The malware implements the features of common banking trojan, such as stealing online banking passwords, intercept web traffic and of course establish a backdoor on the infected Windows-based machine.

Experts form Heimdal security speculate that crook are trying to replicate the success of the infamous Zeus GameOver threat. Below the statement used by the creators of the Scylex malware kit to advertise their tool:

“The goal is to bring back to the scene what Zeus/SpyEye, Citadel, ZeroAccess left behind, and introduce a brand new solution as well.”

The authors are offering the Scylex malware kit for $7,500+ on the Lampeduza dark web forum, the same forum where card details of the 2014 Target data breach were recently offered for sale.

For an additional $2,000, the buyer can receive the SOCKS5 (Socket Secure) support, which enables attackers to manipulate data transfers between a user’s PC and a specific server through a proxy.

The authors are also offering a “premium” package of the Scylex malware kit that costs $10,000 and includes a HVNC (Hidden Virtual Network Computing) module.

“Hidden VNC is probably one of the most complicated malware features to code and essentially requires coders to implement their own window manager, which is why there are very few unique implementations in the wild (most malware uses a single implementation unimaginatively named HVNC).” states the advertising.

Scylex malware kit

The ad includes a video demo that shows the malware in action, the authors plan to introduce new features such as a DDoS module.

The cyber criminals behind Scylex also claim that they’re working on adding new elements to the brand-new financial malware. Here’s their “roadmap”:

  • Form grabber + Injects support on Microsoft Edge & Opera
  • Spreader (Social networks, PE Infection, Device propagation)
  • Reverse FTP (Silent file system ex-filtration) with backconnect
  • ATS-Engine (to-be integrated into web-injects), we will write our own
  • DDoS module (aimed for max efficiency/output like specific ddos bot)
  • Click Bot (CPM/PPC).

Heimdal Security published the full ad, in a blog post.

Is the Scylex Financial Crime Kit a real threat?

“So far, Scylex hasn’t been spotted in the wild, so the claims made in the advertisement posted on Lampeduza forum can’t be verified at the moment. However, both the video and the detailed description of what this new financial malware can do are strong evidence that the crime kit may indeed be real.” states the post published by Heimdal security.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Scylex malware kit, cybercrime)