Source code for Skype eavesdropping trojan in the wild
Earlier this week, Swiss programmer Ruben Unteregger who has been reportedly working for a Swiss company ERA IT Solutions responsible for coding government sponsored spyware, has released the source code of a trojan horse that injects code into the Skype process in order to convert the incoming and outgoing voice data into an encrypted MP3 available at the disposal of the attacker.Here's how the trojan, currently detected as Trojan.
"When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices. Note: Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level.
Note: The incoming and outgoing audio data are stored in separate .mp3 files. The Trojan also opens a back door on the compromised computer, allowing an attacker to perform the following actions:
- Send the .mp3 to a predetermined location
- Download an updated version
- Delete the Trojan from the compromised computer"