Connect with us

Hi, what are you looking for?



Shylock Malware Infrastructure Targeted by International Authorities

Law enforcement agencies and cybersecurity firms have teamed up in an operation aimed at Shylock, a widely distributed piece of malware used by cybercriminals to steal banking credentials.

Law enforcement agencies and cybersecurity firms have teamed up in an operation aimed at Shylock, a widely distributed piece of malware used by cybercriminals to steal banking credentials.

The United Kingdom’s National Crime Agency (NCA), the Government Communications Headquarters (GCHQ), the German Federal Police (BKA), the FBI, Europol, Kaspersky Lab, Dell SecureWorks, and BAE Systems Applied Intelligence have taken part in the operation in which command and control (C&C) servers and domains used by Shylock have been seized.

On Tuesday and Wednesday, the European Cybercrime Centre (EC3) at Europol coordinated the efforts of law enforcement agencies in the UK, the US, Italy, the Netherlands, Turkey, Germany, France and Poland. During the operation, several previously unknown components of the Shylock infrastructure were identified and taken down, Europol said.

“The European Cybercrime Centre (EC3) is very happy about this operation against sophisticated malware, playing a crucial role in the work to take down the criminal infrastructure. EC3 has provided a unique platform and operational rooms equipped with state-of-the-art technical infrastructure and secure communication means, as well as cyber analysts and cyber experts,” noted Troels Oerting, the head of the EC3.

Shylock Malware Operators Targeted by Law Enforcemebt“It has been a pleasure for me to see the international cooperation between police officers and prosecutors from many countries, and we have again tested our improved ability to rapidly react to cyber threats in or outside the EU. It’s another step in the right direction for law enforcement and prosecutors in the EU and I thank all involved for their huge commitment and dedication. A specific thanks goes to Kaspersky Lab who have contributed significantly to the successful outcome of the operation – and our cooperation continues to grow in this and future cases,” Oerting added.

Shylock, which is also known as Caphaw, has been around since 2011 and it has infected at least 30,000 computers, according to Europol. Most of the victims are located in the United Kingdom, but infections have also been seen in Turkey, Italy, the United States and Denmark.

Cybercriminals usually distribute the Trojan using spam campaigns and drive-by download attacks. After infecting a device, the threat hooks into Web browser processes and monitors the victim’s activity. When a targeted financial website is visited, Shylock injects JavaScript and HTML code into webpages to trick users into handing over their personal details to the attackers. The Trojan can also capture screenshots and records videos.

The “Top Banking Botnets of 2013” report from Dell SecureWorks shows that Shylock accounted for 7% of all banking malware last year, being topped only by Gameover Zeus, Citadel and Zeus. In September 2013, Zscaler reported that the financial Trojan was being used to target the customers of two dozen major banks. More recently, cybercriminals compromised the online magazine AskMen and used it to distribute the Trojan.

“The NCA is coordinating an international response to a cybercrime threat to businesses and individuals around the world. This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cybercrime,” commented Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit.

Advertisement. Scroll to continue reading.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...