Live Chat Malware

Recently the a type of malware were released which targets commercial and business online banking users. This type of malware has never been recorded before - infection is using a live chat function to trick online banking users into giving away their sensitive personal information.

Cybercriminals are using Shylock malware platform to distribute their new type of scam, this particular method is very hard to detect and remove. The Shylock malware is able to hide in the memory of the infected computer, it uses very sophisticated methods to remain undetected - it doesn't create a new process rather than that it is able to suspend new processes of legitimate programs from initiating for a couple of moments and then injects them with it's rogue code. Furthermore Shylock uses Watchdog functions to detect antivirus scanning operations. If this malware senses that a security program is beginning initiated it will remove it's registry entries and files and will remain active in the memory. To reinfect your computer, Shylock malware hijacks Windows Shutdown function, just before your computer shuts-down it is able to write the previously deleted registry entries and files back to your computer. The live chat malware is tracking computer users behaviour and start only when a user logs in to online banking applications. The following messages are generated:

Please pass the process of additional verification otherwise your account will be locked.

Sorry for any inconvenience, we are carrying about security of our clients.

The system couldn't identify your PC

You will be contacted by a representative of bank to confirm your personality.


After these messages are shown a live chat window is presented. Cybercriminals are using this method to gather more information about client's online banking acount. This infection is very serrious and many people could fall for this scam where Cybercriminals are posing as an IT help desk technicians.