Chaos Computer Club was right – new trojan was coded by German government

According to Cris Pantanilla, a threat response engineer with Trend Micro, the trojan – which has been confirmed as punching a back door in Skype – was coded by a German law enforcement agency.

The malware – which has been detected as BKDR_R2D2.A – is known as R2D2 because of strings found in its code, says Pantanilla in his latest security posting.

The malware, he asserted, can listen to chat conversations for applications such as Skype, Yahoo! Messenger, MSN Messenger and SipGate's VOIP application client, as well as recording Skype voice calls.

It can also, he noted, monitor web browsing activities with browsers SeaMonkey, Navigator, Opera, Internet Explorer and Mozilla Firefox, and even take screenshots on an infected system.

“This backdoor also receives commands from a remote site and is capable of installing component files, retrieving system information, downloading, uploading, and executing programs, and uninstalling itself”, he said, adding that it also has the ability to communicate with a remote IP address to receive commands from a remote user.

“This allows total control on the user’s system”, he concluded.

The Trend Micro analyst goes on to say that, while the trojan does not show any information about its connection to any government, his team has seen reports saying that the Bavarian Minister of Interior Affairs has confirmed that the malware was created by the Bavarian police.

“Regardless of its creator, however, R2D2 still remains to be an information-stealing tool.”

 
