Caphaw

What is Caphaw?

Caphaw is an extremely dangerous backdoor Trojan that enables remote attackers to steal credentials, such as online banking details. The Caphaw Trojan, also known as Shylock, can reach the target computer via several different platforms: it spreads via Skype, Facebook, removable drives, and as drive-by malware. The malicious program has been known to be active since 2013 and so far has affected the United Kingdom, Italy, Spain, France, and some other European countries. Some cases of the infection have also been recorded in the United States, Brazil, and the People’s Republic of China. The removal of Caphaw is a must; otherwise, you risk losing your sensitive information and money.

How does the Caphaw Trojan spread?

When the Trojan horse gets access to your computer, it can send videos, photos, and other documents to your Skype contacts. Caphaw also spreads via Facebook; however, instead of files, it displays a corrupt link, which you and your Facebook friends should not click, so that the malware is not executed. The latest analysis of Caphaw has revealed that it is now being spread by malicious advertisements displayed on YouTube, which is why it is highly advisable to ignore pop-up advertisements, especially when they are displayed by adware programs.

How does Caphaw work?

Caphaw, also referred to as Win32/Caphaw, possesses characteristics typical of banking malware. It bypasses security programs and injects itself into all running processes. Moreover, it executes C&C tasks and communicates with the server using inter-process communication (IPC) mechanisms.

It has been found that the backdoor Trojan sets many hooks, which are techniques used to alter the behavior of an operating system. One of the hooks is placed on the InitiateSystemShutdown function, which enables remote attackers to control shutdown and reboot processes and renew the malware after it has been removed from the computer.

In order to spread via different platforms, the Trojan horse executes certain plug-ins, including BackSock, VNC, DiskSpread, MessengerSpread, VideoGrabber, and some others. With the help of these plug-ins, Caphaw collects FTP passwords, spreads via shared folders, sends Skype messages, etc.

Caphaw is known to be capable of injecting malicious code into banks’ websites and replacing phone numbers with fake ones. Caphaw has already inflicted damage on Barclays, RBS, Firstdirect, and Bank of Scotland, to mention just a few.
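
A defender-side check for the phone-number replacement described above, as an added example that is not part of the original article: it scans rendered page markup for phone numbers that are missing from an allow-list. The allow-list, the sample markup and the function names are assumptions made for illustration.

```javascript
// Added example (not from the original article). All numbers and markup below are
// constructed sample values; a real deployment would load the bank's published list.
const ALLOWED_NUMBERS = ["+44 20 7946 0000", "0808 157 0000"];

// Reduce a UK-style number to national digits so "+44 20 ..." and "020 ..." compare equal.
function normalizePhone(raw) {
  let digits = raw.replace(/\D/g, "");
  if (digits.startsWith("0044")) digits = digits.slice(4);
  else if (raw.trim().startsWith("+44")) digits = digits.slice(2);
  else return digits;
  return digits.startsWith("0") ? digits : "0" + digits;
}

// Collect candidates from tel: links and from the text left after stripping tags.
function extractPhoneCandidates(html) {
  const telLinks = [...html.matchAll(/href\s*=\s*["']tel:([^"']+)["']/gi)].map((m) => m[1]);
  const visibleText = html.replace(/<[^>]*>/g, " ");
  const inText = visibleText.match(/\+?\d[\d\s().-]{8,}\d/g) || [];
  return [...telLinks, ...inText];
}

// Return normalized numbers present in the page but absent from the allow-list.
function findUnexpectedPhoneNumbers(html, allowed = ALLOWED_NUMBERS) {
  const allowedSet = new Set(allowed.map(normalizePhone));
  const unexpected = new Set();
  for (const candidate of extractPhoneCandidates(html)) {
    const n = normalizePhone(candidate);
    // 10-11 digits filters out dates, sort codes and other short digit runs.
    if (n.length >= 10 && n.length <= 11 && !allowedSet.has(n)) unexpected.add(n);
  }
  return [...unexpected];
}

// Constructed page as the bank serves it.
const CLEAN_PAGE =
  '<p>Lost your card? Call <a href="tel:+442079460000">+44 (0)20 7946 0000</a> ' +
  "or 0808 157 0000. Statement date 2013-09-30.</p>";
// Constructed page after a local inject has swapped the contact number.
const TAMPERED_PAGE =
  '<p>Lost your card? Call <a href="tel:+441632960123">01632 960123</a> ' +
  "or 0808 157 0000. Statement date 2013-09-30.</p>";

console.log("clean:", findUnexpectedPhoneNumbers(CLEAN_PAGE));
console.log("tampered:", findUnexpectedPhoneNumbers(TAMPERED_PAGE));
```

In a browser, the same function can be fed document.documentElement.outerHTML after the page has rendered, with any non-empty result reported to the bank's fraud monitoring.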

If you do not want to lose your money and access to your bank account, you should keep the system protected so that you do not have to worry about the removal of the Caphaw Trojan.

How to remove Caphaw?

If you suspect that the computer contains some malicious programs, it is worth scanning the system. Our team at Anti-Spyware-101.com recommends using SpyHunter because this real-time security tool can easily remove Caphaw from the computer. Because the Trojan has different variants, different detection names are used. Thus, Caphaw can be detected as Backdoor.Skype Caphaw or Backdoor.Caphaw.
