Symantec has discovered a new version of the infamous Shylock banking Trojan hitting the UK's financial sector. The new version includes a number of new capabilities to increase its data-stealing prowess.
Symantec also reported seeing Shylock collect passwords from a variety of applications, spread through Skype instant messages and a remote desktop connection to the compromised computer.
Symantec security response manager Gavin O'Gorman told V3 on Monday that the new variant increases the amount of control the malware's author has over the machine through new modular upgrades.
"The difference is in the large number of additional modules which the attackers are utilising. These extra modules, distributed in late January and early February, increased the attackers' capability," said O'Gorman.
"It gives the attacker much finer-grained control over a victim computer, as well as increasing the ability of the attackers to spread and to distribute their command and control architecture."
The modules being used included an archiver to let it compress recorded video files before uploading them to remote servers, a component to let crooks use infected PCs as a proxy server and a tool that spreads the malware to attached and removable drives.
O'Gorman said that the modules make the attack an even bigger threat, potentially acting as a springboard for the criminals to expand their operation.
"With the new spreading and information stealing functionality, the Shylock authors will be able to use stolen accounts for their C&C servers. This alleviates the risk for the attackers by making it more difficult for law enforcement to track the attackers. They will also be able to spread through USB drives and instant messages," he said.
"This will help to infect all computers in either a household, or potentially in a company. It also means that if the attackers have developed their own distribution network, they may no longer need to rent one from another criminal. It gives the attackers more independence.
"This means that the attackers can operate much more aggressively, not needing to fear for prosecution perhaps as much as they would have otherwise."
Shylock was first uncovered in 2011, targeting at least 60 financial institutions, the majority of which are believed to be based in the UK.
The malware steals employee information to help the criminals gain illegal access to the company's main network where they can perform fraudulent transactions.
The criminals have reportedly used the new version as a means to expand their operation, targeting a number of non-UK financial firms.
"At first, Shylock was specifically targeting computers located in the UK but it is now spreading to other countries," wrote a Symantec spokesperson in the company threat report.
"Also, as some financial institutions become less desirable as targets, either due to increased security measures or a lack of high-value business accounts, Shylock is refocusing its attacks on those offering potentially larger returns."
Symantec predicted more variants of the Shylock malware will appear in future.
The latest version's appearance follows widespread reports that the number of attacks targeting the financial sector and businesses in general is increasing.
Most recently, security firm FireEye said that firms are being hit by advanced, defence-dodging attacks at least once every three minutes.