Scylex is a customizable financial trojan kit designed to steal online banking credentials; it also includes additional functionality such as web injection and backdoor installation. The developers of the trojan are aiming to replicate the success of the Zeus GameOver trojan. Scylex is currently sold on the dark web hacker forum Lampeduza for $7,500. For an additional $2,000, buyers gain access to SOCKS5 support, enabling attackers to manipulate data transfers between the user's device and a specified server. For $10,000, the attacker receives a hidden virtual network computing (HVNC) module. The packages include 6-8 hours of support per day. Scylex has not yet been seen in the wild and, therefore, its capabilities have yet to be confirmed. The developers also claim that they will be adding additional functionality such as form grabbers and injects for Microsoft Edge and Opera browsers, a spreader for social networks, reverse FTP with backconnect, ATS-Engine integrated for web-injects, a distributed denial-of-service (DDoS) module, and Click Bot.

Technical Details

  • Heimdal Security provides technical details on the Scylex trojan, available here.

One example of the Scylex trojan. Image Source: Heimdal Security