Shylock is a family of malware that relies on browser man-in-the-middle attacks. A man-in-the-middle attack is one in which the attacker clandestinely relays, and possibly changes, the communications between two parties who think they are communicating directly with each other. Shylock uses forged digital certificates so that it can intercept traffic and inject code into banking websites. It was created to trick customers into giving their banking details to hackers instead of to the bank's customer service. Some variants of this malware can open fake customer chat windows on compromised computers, which allows cyber attackers to get pertinent information from the victims' accounts. Newer strains can find out whether the malware is running on a virtual machine that is being examined by malware researchers. This makes Shylock more difficult to analyze and helps it avoid detection by security researchers.
It is not as popular as other malware, but that does not make it less dangerous. It uses a set of malicious methods: because it is able to inject its body into multiple running processes, it has the means to avoid being detected by anti-malware software. It uses a number of plugins, which add further malicious functions aimed at bypassing anti-malware software. It gathers passwords for FTP (File Transfer Protocol) servers. It spreads by using messengers and servers. It supplies remote access to the compromised machines. It can do video grabbing and web injection. Injection is an entire class of attacks that rely on injecting data into a web application in order to facilitate the execution of malicious data in an unexpected manner. The final objective is to steal online banking credentials by placing fake data entry fields into the web page loaded in the victim's browser.
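One way a defender can check for the fake data entry fields described above is to compare the form controls in the page the bank served with those in the page as rendered in the customer's browser. This is an added example, not code from the original page or from any vendor; the function names, the sample HTML, and the assumption that a snapshot of the rendered page is available for comparison are all constructed for illustration.

```python
from html.parser import HTMLParser

FIELD_TAGS = {"input", "select", "textarea"}
NO_FORM = "<no form>"  # marker for controls that sit outside any <form>


class FormFieldCollector(HTMLParser):
    """Collects (form action, field name, field type) for every form control."""

    def __init__(self):
        super().__init__()
        self.current_action = NO_FORM
        self.fields = set()
        self.actions = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current_action = (attrs.get("action") or "").strip()
            self.actions.add(self.current_action)
        elif tag in FIELD_TAGS:
            name = attrs.get("name") or attrs.get("id") or "<unnamed>"
            ftype = (attrs.get("type") or tag).lower()
            self.fields.add((self.current_action, name, ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = NO_FORM


def collect(html):
    parser = FormFieldCollector()
    parser.feed(html)
    parser.close()
    return parser


def diff_forms(served_html, rendered_html):
    """Report controls and form targets present only in the rendered page."""
    served, rendered = collect(served_html), collect(rendered_html)
    return {
        "extra_fields": sorted(rendered.fields - served.fields),
        "extra_actions": sorted(rendered.actions - served.actions),
    }


# Constructed sample: the page as served, and the same page with two added fields.
SERVED = '<form action="/login"><input type="text" name="user"><input type="password" name="pass"></form>'
RENDERED = SERVED.replace("</form>", '<input type="text" name="card_pin"><input name="maiden_name"></form>')
```

Fields that the site's own scripts add legitimately after load have to be part of the served baseline, otherwise they show up as differences too.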