Skeeyah Banking Trojan

The Skeeyah trojan has information stealing and anti-remediation abilities. It first appeared in 2015 but reappeared in April 2017 with new capabilities. The reason for the update is currently unknown. It is thought to be used by cybercriminal groups and has links to malware-for-hire services.

In some instances the malware can disable antivirus/anti-malware programs installed on the compromised computer. The system’s restore points are also subject to compromise. It can also change default user settings, delete system files, corrupt the registry, erase user’s data, hijack web browsers, and install more malware threats. In particular, the corruption of the registry means that the trojan can re-infect the system.

Affected Platforms:

Microsoft Windows – all versions

Recomended Action:

To prevent and detect a Trojan infection, ensure that:

• A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
• All operating systems, antivirus and other security products are kept up to date.
• All day to day computer activities such as email and internet are performed using non-administrative accounts.
• Strong password policies are in place and password reuse is discouraged.
• Network, proxy and firewall logs should be monitored for suspicious activity.
• User accounts accessed from infected machines should be reset on a clean computer