Scylex

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 2
First Seen: August 15, 2016
Last Seen: March 5, 2019
OS(es) Affected: Windows

Scylex is a banking Trojan that is being advertised on the Dark Web as the 'next big thing.' Scylex has not yet been observed in attacks in the wild, but it is currently being advertised on Dark Web hacking forums. According to these advertisements, Scylex is a completely original banking Trojan (the advertisement claims that Scylex is 99 percent original). Most banking Trojans that have appeared in recent years have been based in some way on the Zeus banking Trojan, whose leaked source code spawned a wide variety of banking Trojans that were little more than copies of this infamous threat. Malware analysts and security software can now protect against Zeus and Zeus clones easily, so a banking Trojan written from scratch like Scylex, sharing no code that existing signatures would match, could be devastating.

Scylex is Being Sold For Large Amounts of Money

Scylex is currently being sold for a minimum of $7500 USD. Its main selling point is that Scylex has a better chance of evading anti-virus software than any clone of the Zeus banking Trojan. The basic version of Scylex is sold for $7500 USD and includes a rootkit to deliver Scylex, data collecting modules (form grabbers) for different Web forms, content injection (Web injects), a reverse proxy, the ability to operate over slow connections, and the capacity to carry out attacks without administrator privileges. Buyers can pay $2000 USD more to receive full SOCKS5 proxy support. There is even a premium package that offers HVNC (Hidden Virtual Network Computing) for $10000 USD, which allows con artists to operate a hidden desktop session on the infected computer and carry out all kinds of threatening operations from it. Considering that these are common prices for this type of threat, one can imagine the vast amounts of money that can be reaped from these tactics.

Scylex is Still Under Development

New features for Scylex are still being developed. These may include Opera and Edge support and new distribution modules. The con artists have also hinted that they may add reverse FTP and an ATS (Automatic Transfer System) engine that could be used to take advantage of hijacked banking accounts. Scylex could also be leveraged to carry out DDoS (Distributed Denial of Service) attacks and to create click-bots. Given the profile of Scylex, it is likely that we will start to observe Scylex variants in the wild as con artists purchase this banking Trojan and begin distributing it for their own purposes. The following is the full advertisement for Scylex that has appeared on Dark Web forums:

What is Scylex?
It's not a copy of ZBerp like the rest of the market. It is a banking Trojan written 99% from scratch in C++. The goal is to bring back to the scene what Zeus/SpyEye, Citadel, ZeroAccess left behind, and introduce a brand new solution as well.
Do you want to make money, do you want to multiply your net-worth?
Then our solution is the perfect one for you. It is good to take note that this Trojan is aimed at users who have a solid understanding of how to monetize their network. However! We accept even beginners, and offer support for all!
What is included in the package?
Stub size: 276kb (with all the below features)
(!) x86/x64 Injection through Heavens Gate Selector
User-mode rootkit (x86/x64)
Formgrabber/Webinjects (IE[8-latest]/FF[22 – latest]/Chrome[36-latest])
Socks5 reverse proxy with backconnect
* works around NAT, without admin privileges
HVNC (Hidden VNC) with backconnect (made from scratch! NOT A ZEUS/GOZI RIP-OFF! Works on XP to 10 + Servers)
* works on x86 & x64 OS, backconnect protocol is extremely fast, as well as on slow bandwidth
What will we add in the future?
Form grabber + Injects support on Microsoft Edge & Opera
Spreader (Social networks, PE Infection, Device propagation)
Reverse FTP (Silent filecomputer ex-filtration) with backconnect
ATS-Engine (to-be integrated into Web-injects), we will write our own
DDoS module (aimed for max efficiency/output like specific ddos bot)
Click Bot (CPM/PPC)
What is the cost?
All payments made are only 1 time. With this you will be provided support (6-8 hours a day), and will be entitled to updates and changes without extra cost.
Base license – video to-be added
7 500 USD – Includes Form grabber + Web injects (IE/FF/Chrome), x86/x64 user-mode rootkit, and download + execute process from memory
SOCKS5 – video to-be added
2 000 USD – Includes Socks5 extension, works around NAT filtering, with back-connect server
HVNC – https :[REDACTED]
10 000 USD – Includes the ONLY HVNC plugin that works on ALL versions of Windows, with a fast connection time, instant response to interaction from your end, works well even with slow bandwidths
* side note: with the addition of new features/plugins, this list will be updated accordingly!
Contact (OTR only)
option 1: [REDACTED]
option 2: [REDACTED]
Without further ado, I recommend to everyone that we stay safe and work only with escrow!
