Skip to main content

Skype attacked by new trojan: the T9000

A new highly advanced backdoor trojan that is targeting Skype users has been discovered by researchers at Palo Alto Networks. It is able to evade a user's security software and has been dubbed the T9000.

Josh Grunzweig and Jen Miller-Osborn, two researchers at Palo Alto Networks, gave this new trojan the name T9000 because it is an updated version of the T5000. The T9000's purpose is to obtain information on its victims by stealing encrypted data and taking screenshots of users' applications. It is much more advanced than previous backdoor trojans because it uses a multi-stage installation program and is quite diligent in checking to see if it will be detected by a users system. The T9000 has a list of 24 different security software products that it looks for during its installation.

Recently, many businesses have begun to use Skype due to its ease of use and the way in which it simplifies face to face video calls and video conferencing. The cybercriminals behind the T9000 trojan have taken note of the software's new found popularity in enterprise and have designed it around targeting large organisations.

The T9000 is not just stealing user data from businesses and Skype users, it is also taking photos and saving audio. Periodically the trojan will take pictures during video calls to add even more information to its arsenal as well as recording the audio of calls and saving it as .wav files.

Large businesses and the software they use will always be the targets of cybercriminals and their attacks. Luckily by identifying the T9000 and the nature of its attacks early on, Skype users will be aware of the trojan and will be able to take the necessary precautions to prevent it from infecting their systems.

Image source: Shutterstock/wk1003mike

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.