Trojan Targeting Skype, VoIP Clients

Symantec is reporting that the source code for a Trojan has been publicly released. Called Trojan.Peskyspy, the Trojan currently targets Skype users, although Symantec said the targeting has nothing to do with the program itself but rather with its overall popularity. For now, the Trojan is considered a low threat; however, Symantec did indicate that the source code could be embedded into additional malware as part of a larger package.

Symantec also explained that Peskyspy could be considered the first "wiretap Trojan," as it only records audio sent and received by VoIP applications, grabbing the sound coming from the audio devices plugged into the computer. This means that the Trojan captures outbound audio from the microphone before it reaches the application, and incoming audio after it has left the application and is sent to the speakers.

"It does this by hooking various Windows API calls that are used in audio input and output," the company said in this security blog. "It then is able to intercept all audio data traveling between the Skype process and the underlying audio device. The extracted audio data is then saved to .mp3 files and stored on the computer."

Symantec said that the Trojan contains a back door, and sends the audio files to a location predetermined by the attacker.