
Caphaw

Posted: October 3, 2014

Threat Metric

Threat Level: 8/10
Infected PCs: 1,358
First Seen: October 6, 2011
OS(es) Affected: Windows

Caphaw is spyware that also includes several extra functions to support its information-collecting attacks, such as downloading other files and deleting specific types of security-critical PC data. However, Caphaw primarily is identified as a banking Trojan, due to the comprehensive Man-in-the-Middle style functions Caphaw may use to collect account login credentials from a range of prominent online banking websites. Symptoms of Caphaw, like those of most spyware, may be very difficult to identify, and you should rely on reputable PC security tools with anti-spyware capabilities to protect your computer from Caphaw or to delete Caphaw, as needed.

Caphaw: the Trojan Thief that's a Little Shy(lock)

Caphaw is one of the alternate aliases for Shylock, a family of banking Trojans that has seen significantly lower rates of distribution than the Zeus Trojan or other, similarly infamous threats. However, Caphaw also has hit unusually sharp peaks in both 2012 and 2013 and very likely remained in distribution in the current year. Although authorities have attempted to disrupt Caphaw's network servers and, thus, cripple its capacity to cause harm, Caphaw remains a substantial threat to any PC it infects.

As a banking Trojan, Caphaw uses the same MitB (Man-in-the-Browser) and MitM (Man-in-the-Middle) attacks popularized by more famous Trojans. These attacks allow Caphaw to inject additional form fields into a bank website's HTML. Caphaw captures the answers entered into those fields without providing any clear indication that the information is not, in fact, being transferred to the bank. Therefore, PC users easily can give away confidential account information without ever being aware of the breach of security.
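The form-field injection described above can be caught from the defender's side by comparing the login form a user actually receives against the bank's known-good form. The following is an added example, not code from the original page, from Caphaw or from any bank; both forms are constructed samples and the field names in them are assumptions.

```python
from html.parser import HTMLParser

# Constructed sample: the bank's genuine login form (the defender's baseline).
BASELINE_FORM = """
<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="abc">
  <input type="submit" value="Log in">
</form>
"""

# Constructed sample: the same form after a web-inject added extra questions.
INJECTED_FORM = """
<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type="text" name="pin">
  <input type="hidden" name="csrf_token" value="abc">
  <input type="submit" value="Log in">
</form>
"""

class InputCollector(HTMLParser):
    """Record the name and type of every named <input> element in a document."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        name = a.get("name")
        if name:  # unnamed inputs (e.g. submit buttons) never reach the server
            self.fields[name] = (a.get("type") or "text").lower()

def input_fields(html):
    p = InputCollector()
    p.feed(html)
    return p.fields

def find_injected_fields(baseline_html, observed_html):
    """Return (added, retyped): inputs present only in the observed form, and
    baseline inputs whose type changed (e.g. hidden -> text, to make it visible)."""
    base, seen = input_fields(baseline_html), input_fields(observed_html)
    added = {n: t for n, t in seen.items() if n not in base}
    retyped = {n: (base[n], t) for n, t in seen.items() if n in base and base[n] != t}
    return added, retyped
```

The same comparison works server-side: any field name in a submitted POST that the bank never rendered is a strong signal that the customer's browser is showing a modified page.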

Tens of thousands of PCs already have been verified as compromised by Caphaw, which also is capable of the following attacks and subversive self-defensive features:

  • Caphaw may inject itself into unrelated memory processes, which lets Caphaw launch and run as a background process, indistinct from legitimate programs.
  • Caphaw may download and launch other files (such as, for example, the installer for another Trojan).
  • Caphaw may allow third parties to have a high level of access to your PC, including remotely controlling your mouse or keyboard.
  • Besides collecting banking site data, Caphaw also may record and transfer any typed information, in an attack commonly referred to as 'keylogging.'
  • Some security features also may be disabled via Caphaw, such as blocking Skype audio alerts.

These examples don't cover the entirety of Caphaw's feature scope, which is broad enough to be considered equivalent to that of a backdoor Trojan as well as that of spyware.

Stopping Caphaw from being the New Face of Facebook

While authorities continue to attempt to disrupt Caphaw's network control, PC users should do their best to block Caphaw's confirmed distribution routes. These routes include Facebook spam, Skype file transfers and worm-style infection of both local networks and removable hard drives. Proper security settings and software, along with safe Web-browsing standards, may block all of these distribution methods. Some exploit kits also have installed Caphaw as part of their payloads, which may be downloaded automatically onto unpatched, vulnerable PCs.

In addition to its impressive attacks, malware experts also find Caphaw worrisome for the unpredictability of its distribution. Countries as different as Spain, India, Belarus and the UK all have seen Caphaw attacks in meaningful numbers. Like so many other, equally hazardous Trojans, Caphaw is easily classified as a global threat. No matter what your nation of residence, promptly blocking and removing Caphaw with anti-malware solutions should be a top concern for your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\Adobe\Acrobat\11.0\Security\replace.exe
File name: replace.exe
Size: 278.52 KB (278528 bytes)
MD5: c52ec2906d566a9e828754e2eadf32d3
Detection count: 527
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Adobe\Acrobat\11.0\Security
Group: Malware file
Last Updated: June 16, 2016

%APPDATA%\Adobe\Flash Player\AssetCache\BSRXBMBD\DevicePairingWizard.exe
File name: DevicePairingWizard.exe
Size: 290.81 KB (290816 bytes)
MD5: ecaa123e1c3e06776d549de439c7d369
Detection count: 520
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Adobe\Flash Player\AssetCache\BSRXBMBD
Group: Malware file
Last Updated: June 16, 2016

%APPDATA%\Microsoft\Internet Explorer\UserData\U1R9IZIR\rekeywiz.exe
File name: rekeywiz.exe
Size: 385.02 KB (385024 bytes)
MD5: 312394ea2bf6e8338dce1451583e1fa2
Detection count: 311
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\Internet Explorer\UserData\U1R9IZIR
Group: Malware file
Last Updated: September 13, 2016
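The three dropped files listed above double as host indicators: a triage script can check each path under %APPDATA% and compare the MD5 against the value recorded here. This is an added example, not a tool from the original page; the paths and hashes are the ones listed above, and the fake profile directory it builds for offline testing is a constructed fixture.

```python
import hashlib
import os
import tempfile

# Indicators from the file list on this page: path relative to %APPDATA% -> MD5.
CAPHAW_FILES = {
    r"Adobe\Acrobat\11.0\Security\replace.exe": "c52ec2906d566a9e828754e2eadf32d3",
    r"Adobe\Flash Player\AssetCache\BSRXBMBD\DevicePairingWizard.exe": "ecaa123e1c3e06776d549de439c7d369",
    r"Microsoft\Internet Explorer\UserData\U1R9IZIR\rekeywiz.exe": "312394ea2bf6e8338dce1451583e1fa2",
}

def md5_of_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_indicators(appdata_dir, indicators):
    """Return {relative_path: verdict} where verdict is 'absent', 'hash_match'
    (the listed sample) or 'path_only' (something sits where Caphaw drops its
    copy but the MD5 differs, as a repacked variant or an unrelated file would)."""
    verdicts = {}
    for rel, known_md5 in indicators.items():
        full = os.path.join(appdata_dir, *rel.split("\\"))
        if not os.path.isfile(full):
            verdicts[rel] = "absent"
        elif md5_of_file(full) == known_md5:
            verdicts[rel] = "hash_match"
        else:
            verdicts[rel] = "path_only"  # a path match alone still warrants a look
    return verdicts

def build_demo_dir():
    """Constructed fixture: a fake %APPDATA% with an unrelated file parked at one
    indicator path, so the 'path_only' case can be exercised offline."""
    root = tempfile.mkdtemp()
    target = os.path.join(root, "Adobe", "Acrobat", "11.0", "Security", "replace.exe")
    os.makedirs(os.path.dirname(target))
    with open(target, "wb") as f:
        f.write(b"not the real sample")
    return root

if __name__ == "__main__":
    # On Windows scan the real profile; elsewhere fall back to the constructed fixture.
    appdata = os.environ.get("APPDATA") or build_demo_dir()
    for rel, verdict in check_indicators(appdata, CAPHAW_FILES).items():
        print(f"{verdict:10s} {rel}")
```

Because the dropped executables borrow legitimate Windows and Adobe file names, the path check matters as much as the hash: none of these names belong in a user's roaming profile.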
