We recently came across reports about a hacker group that was able to detect a backdoor which was found capable of monitoring online activities and recording calls when using Skype. However, apart from its routines, it garnered media attention because of its claims that the discovered backdoor may be used by German Law Enforcement.
The malware, which we detect as BKDR_R2D2.A is known as “R2D2″ based on the strings on its malware code:
- Listen to chat conversations for applications such as Skype, Yahoo! Messenger, MSN Messenger and SipGate x-lite.
- Record audio calls when using Skype
- Monitor web browsing activities with browsers SeaMonkey, Navigator, Opera, Internet Explorer and Mozilla Firefox.
- Take screenshots on the affected system.
Below are a list of programs it monitors and injects itself into.
The malware code doesn’t show any information about its connection to any government. However, we’ve encountered reports saying that the Bavarian Minister of Interior Affairs Joachim Herrmann (CSU) already confirmed that the malware was created by the Bavarian police.
Regardless of its creator, however, R2D2 still remains to be an information-stealing tool, and we find it of utmost importance that users are protected from having their privacy broken into. Especially with this release of information to the public, it is highly likely that we will find this tool on the hands of cybercriminals, to be used for more sinister intent. With this, Trend Micro detects R2D2 as BKDR_R2D2.A and its component file as RTKT_R2D2.A.
Leave a reply