A security provider has detected malware designed to use a modified copy of an old version of the SkypeKit SDK, one created long before Microsoft acquired Skype, and it was “hiding in plain sight” on a customer’s network.
Analysis showed that the malware, which appeared to be a benign version of Skype installed on a company domain controller, actually includes backdoor functionality and acts as a custom-designed Remote Access Trojan (RAT).
“Researchers discovered the ability to use Skype as a remote-control procedure,” said Jim Butterworth, a security expert at ManTech International. That was almost eight years ago, and it looks as if the theory has become reality with the discovery of this unusual piece of malicious code, which was being used to exfiltrate data from the network.
“The Skype-looking specimen first seemed to simply be supporting Skype communications traffic, but it was installed in an unusual directory location and configured to operate as a standalone VoIP application. One of the tip-offs that it was malware was the strange network traffic spike occurring during off-peak hours and difficulties that systems administrators had getting to the domain controller,” writes NetworkWorld’s Ellen Messmer.
“A close look at the Skype specimen in the executables removed from the domain controller showed a creative attacker had used a modified version of the old Skype software development kit (SDK) and turned it into a remote-access Trojan to steal corporate data.”