The researchers also warned that it is so sophisticated it can hide from even the most popular anti-virus software, making it extremely difficult to detect.
T9000 allows the attacker to capture encrypted data, take screenshots of specific applications and specifically target Skype users. The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed. It uses a multi-stage installation process with specific checks at each point to identify if it is undergoing analysis by a security researcher.
It stores critical files dropped by the Trojan in a directory named “Intel.” T9000 is pre-configured to automatically capture data about the infected system and steal files of specific types stored on removable media.
The Trojan is said to use what is known as a multi-stage installation process, checking at each point for any installed anti-virus programs. After these checks, T9000 installs itself and then collects information stored on the infected system, sending it to the hacker’s server.
The malware is said to have spread originally via spear phishing emails sent to organisations in the US. Spear phishing is an email spoofing fraud attempt that targets a specific group or organisation, with the intent of stealing intellectual property, financial data, trade or military secrets and other personal information. However, researchers believe this new backdoor malware is so sophisticated that it can be adapted for use against any victim that a cybercriminal wishes to hack.