ActionFraud - National Fraud & Cyber Crime Reporting Centre - Call 0300 123 2040

Law enforcement and industry take action against ‘Shylock’ malware

An international operation involving law enforcement agencies and private sector companies is driving down the threat from a type of malicious software used by criminals to steal from bank accounts.


In the first project of its kind for a UK law enforcement agency, the NCA has brought together partners from the law enforcement and private sectors, including the FBI, Europol, BAE Systems Applied Intelligence, GCHQ and the German Federal Police (BKA) to jointly combat the threat from the Shylock trojan.

As part of this activity, law enforcement agencies are taking action to disrupt the system which Shylock depends on to operate effectively. This comprises the seizure of servers which form the command and control system for the trojan, as well as taking control of the domains Shylock uses for communication between infected computers.

This has been conducted from the operational centre at the European Cybercrime Centre (EC3) at Europol in The Hague. Investigators from the NCA, FBI, the Netherlands, Italy, Moldova and Ukraine gathered to coordinate action in their respective countries, in concert with counterparts in Germany, Poland and Romania.

Shylock - so called because its code contains excerpts from Shakespeare’s Merchant of Venice - has infected at least 30,000 computers running Microsoft Windows worldwide. Intelligence suggests that Shylock has targeted the UK more than any other country, despite the suspected developers being based elsewhere.

Victims are typically infected by clicking on malicious links, and then unwittingly downloading the malware. Shylock will then seek to access funds held in business or personal accounts, and transfer them to the criminal controllers.

What you need to know

Computer users opting for automated operating system updates - which can ensure computers infected with malware such as Shylock are cleaned automatically - need take no action at this time. Those not opting for automatic updates, or who would like to learn more about how to check their Windows-operated computers and remove infection, can go to

Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said:“The NCA is taking the lead in addressing a cyber crime threat to businesses and individuals around the world. This phase of activity is having a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK. We continue to urge everybody to ensure their operating systems and security software are up to date.”

Visit Cyber Streetwise, the UK government’s dedicated online cyber security website, for information on how to avoid being a victim of cyber crime and for more advice on downloading updates.

For further information visit the NCA website.

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Most shared articles

Related articles