A new keylogger that could have a serious impact on web security is being closely tracked by researchers.
The main concern about this keylogger (which the discoverers call Mass Logger) is the frequency with which it is updated by its creator.
Keyloggers are software or hardware that log and store what is typed on a keyboard, often for the purpose of stealing passwords, user names, and other sensitive information. Keyloggers are often used in spyware and phishing attacks.
Cofense Intelligence, a research lab, notes in a blog post that the authors of Mass Logger consistently update and improve their malware, making it easier to bypass security measures designed to mitigate such threats.
Another concern is that authors can take customer feedback (yes, malware developers have customers too) and quickly add new features.
Max Gannon of Cofense Intelligence writes that one malware campaign used an attached GuLoader executable to deliver an encrypted Mass Logger binary.
He explains: "GuLoader has recently gained prominence as a malware delivery mechanism for downloading encrypted payloads hosted on legitimate file sharing platforms.
"Emails used to exfiltrate data in this campaign have also recently been seen in the Agent Tesla keylogger campaign, indicating that some threat actors may have already switched from Agent Tesla to Mass Logger."
Mass Logger was created by a developer known as NYANxCAT, whose other malware includes LimeRAT, AsyncRAT, and various other RAT variants. (RAT stands for Remote Access Trojan: malware that poses as a benign file and, once opened, creates a backdoor into the machine.)
According to Gannon, NYANxCAT malware is feature-rich and easy to use, which makes it easy for cybercriminals who lack the skills to develop their own malware to deploy it. Even so, Mass Logger is already quite sophisticated.
"Despite this relatively low barrier to entry, many of the features built into Mass Logger are sophisticated, such as USB proliferation capabilities," Gannon wrote.
"The talented actors behind these malware families have demonstrated their investment in Mass Logger by improving the malware's functionality with 13 updates in just three weeks."
He also noted that Mass Logger can steal credentials, bypass automatic detection, search for specific file extensions, and exfiltrate them.
To mitigate these threats, Gannon said network defenders should monitor for FTP sessions or e-mails sent from the local network that do not comply with organizational standards, tune sandbox systems to look for anti-analysis and evasion techniques, and disable password storage in applications such as Firefox.
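One way to act on the first of those recommendations is to flag outbound mail and FTP connections from internal hosts that do not go to organization-approved servers. The following is an added example, not code from Cofense or the article; the flow records, the internal address range and the approved relay address are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of connection flow records (not from the article):
# timestamp src_ip dst_ip dst_port protocol
SAMPLE_FLOWS = """\
2020-05-01T10:00:01 10.0.1.15 10.0.0.25 25 tcp
2020-05-01T10:00:07 10.0.1.15 203.0.113.40 587 tcp
2020-05-01T10:01:12 10.0.2.8 198.51.100.9 21 tcp
2020-05-01T10:01:30 10.0.2.8 93.184.216.34 443 tcp
2020-05-01T10:02:02 10.0.3.3 10.0.0.25 587 tcp
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
# Assumed organizational standard: one corporate mail relay, no approved FTP servers.
APPROVED_MAIL_RELAYS = {"10.0.0.25"}
APPROVED_FTP_SERVERS = set()

MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, submission
FTP_PORTS = {21}

Flow = namedtuple("Flow", "ts src dst dport proto")

def parse_flows(text):
    """Parse whitespace-separated flow records into Flow tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto))
    return flows

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_suspect_exfil(flows):
    """Return flows where an internal host talks mail or FTP to an unapproved destination."""
    suspects = []
    for f in flows:
        if not is_internal(f.src):
            continue
        if f.dport in MAIL_PORTS and f.dst not in APPROVED_MAIL_RELAYS:
            suspects.append(f)
        elif f.dport in FTP_PORTS and f.dst not in APPROVED_FTP_SERVERS:
            suspects.append(f)
    return suspects

if __name__ == "__main__":
    for f in find_suspect_exfil(parse_flows(SAMPLE_FLOWS)):
        kind = "FTP" if f.dport in FTP_PORTS else "mail"
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport} unapproved {kind} session")
```

Against the sample, the direct-to-Internet submission on port 587 and the FTP session on port 21 are flagged, while traffic to the approved relay and ordinary HTTPS are not.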