Proof-of-Concept Trojan Targets Skype Users

Researchers at TrendLabs have reported the presence of a newly released Proof-of-Concept (PoC) trojan that listens and records your Skype conversations.

Confirmation of the release of this Trojan horse called Trojan.Peskyspy that records VoIP communications, specifically Skype calls comes from Symantec.com. They sympathetically call it the “wiretap Trojan”.

When the trojan is executed, the DLL component hooks up Skype’s send and recv APIs, just before Skype encrypts the out-going call. This permits the Trojan to save the information in a mp3 audio file. Given that MP3 files are light-weight files, it becomes easy for these files to be transferred to the hackers servers for listening.

Both TrendLabs and Symantec admit this Trojan poses no threat as of the moment, but it is advisable not to give sensible information when conversing online.

The strange part of the story is that the Trojan code is publicly available for all. It sounds like an open source trojan.

Sources:

• Trojan.Peskyspy—Listening in on your Conversations
• Trojan Targets Skype Users