This dangerous new keylogger could change the entire malware space

A new keylogger called “Mass Logger” is currently being tracked by Cofense Intelligence and security researchers believe that it could significantly impact the larger keylogger market as well as the phishing threat landscape.

Keyloggers make up the largest volume of unique phishing campaigns by malware type today and they continue to grow in both popularity and sophistication.

Cofense is so concerned about Mass Logger because of how quickly the malware is updated. Its author consistently updates and improves Mass Logger, which allows cybercriminals deploying the malware to overcome security measures taken to detect and defend against it. This rapid development also allows the malware’s creator to quickly add features in response to customer feedback.

Cofense Intelligence has identified a campaign that used an attached GuLoader executable to deliver an encrypted Mass Logger binary. GuLoader itself is a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file sharing platforms. The email used in the campaign was also recently seen in an Agent Tesla keylogger campaign which could indicate that some cybercriminals have already decided to switch from using Agent Tesla to using Mass Logger.

Additional functionality

Mass Logger’s creator, known as NYANxCAT, is also responsible for several other well-known malware types including LimeRAT, AsyncRAT and other remote access trojans. NYANxCAT’s malware is usually feature-rich and easy to use, which allows for easy adoption by amateur threat actors. However, many of the features incorporated into Mass Logger are quite advanced, such as its USB spreading capability.

NYANxCAT continues to improve the functionality of Mass Logger through updates; recently, 13 updates were released in only a three-week period. In patch notes, NYANxCAT explained that new targets have been added for the keylogger’s credential stealing functionality and that measures have been taken to reduce automated detection.

Sophisticated features help set Mass Logger apart from other common malware. For example, it includes a function that allows cybercriminals to search for files with a specific file extension and exfiltrate them.

To defend against Mass Logger and other similar threats, Cofense recommends that network admins watch out for FTP sessions or emails sent from local networks that do not conform to their organization’s standards.
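
One way to act on that recommendation, as an added example that is not from Cofense or the original article: a small Python check that flags internal hosts opening FTP or SMTP sessions to external addresses when they are not approved senders for that service. The flow-record format, the internal network range, the approved-host lists and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumed site policy (hypothetical values; replace with your organization's standards).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_SENDERS = {
    "ftp": {"10.0.5.10"},   # assumed managed file-transfer host
    "smtp": {"10.0.0.25"},  # assumed corporate mail relay
}
SERVICE_PORTS = {21: "ftp", 25: "smtp", 465: "smtp", 587: "smtp"}

# Constructed sample flow records: timestamp,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
2020-06-15T09:00:01Z,10.0.0.25,203.0.113.10,25
2020-06-15T09:00:07Z,10.0.7.44,198.51.100.23,21
2020-06-15T09:01:12Z,10.0.5.10,198.51.100.80,21
2020-06-15T09:02:30Z,10.0.7.44,203.0.113.99,587
2020-06-15T09:03:00Z,10.0.9.12,10.0.0.25,25
2020-06-15T09:03:41Z,10.0.9.12,192.0.2.14,443
"""

def find_policy_violations(flow_text):
    """Return flows where an internal host speaks FTP or SMTP to an
    external address without being an approved sender for that service."""
    alerts = []
    for ts, src, dst, port in csv.reader(io.StringIO(flow_text)):
        service = SERVICE_PORTS.get(int(port))
        if service is None:
            continue  # not an FTP or SMTP port
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue  # only internal-to-external sessions are of interest
        if src not in APPROVED_SENDERS[service]:
            alerts.append({"time": ts, "src": src, "dst": dst, "service": service})
    return alerts

if __name__ == "__main__":
    for alert in find_policy_violations(SAMPLE_FLOWS):
        print("{time} {src} -> {dst} unapproved outbound {service}".format(**alert))
```

Port matching alone misses FTP or SMTP on non-standard ports, so a check like this works best alongside egress filtering that only permits those protocols from the approved hosts.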
