The T9000 Trojan is capable of listening to and recording your Skype conversations. It was identified by the security company Palo Alto Networks, which published a detailed report about the T9000 Trojan on its website.
They explain that the T9000 Trojan has capabilities which allow it to gather sensitive information:
In addition to the basic functionality all backdoors provide, T9000 allows the attacker to capture encrypted data, take screenshots of specific applications and specifically target Skype users.
They also noticed that the T9000 Trojan is capable of evading at least 24 security products:
The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed. It uses a multi-stage installation process with specific checks at each point to identify if it is undergoing analysis by a security researcher.
The list of security products which it is able to detect and evade:
- Trend Micro
The T9000 Trojan stores the audio of Skype conversations in an encrypted file. Once the file has been decrypted, it turns out to be a .wav file containing the audio of each Skype conversation. The video of Skype conversations is stored as pictures.
The command and control server of the Trojan can be found at:
Beware: the C&C is still active.