This dangerous new keylogger could change the entire malware space


PCHF Tech News
Jan 10, 2015
A new keylogger called “Mass Logger” is currently being tracked by Cofense Intelligence and security researchers believe that it could significantly impact the larger keylogger market as well as the phishing threat landscape.

Keyloggers make up the largest volume of unique phishing campaigns by malware type today and they continue to grow in both popularity and sophistication.

Cofense is so concerned about Mass Logger because of how quickly the malware is updated. Its author consistently updates and improves Mass Logger, which allows cybercriminals deploying the malware to overcome security measures taken to detect and defend against it. This rapid development also allows the malware's creator to quickly add features in response to customer feedback.

Cofense Intelligence has identified a campaign that used an attached GuLoader executable to deliver an encrypted Mass Logger binary. GuLoader itself is a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file-sharing platforms. The email used in the campaign was also recently seen in an Agent Tesla keylogger campaign, which could indicate that some cybercriminals have already decided to switch from using Agent Tesla to using Mass Logger.

Additional functionality

Mass Logger's creator, known as NYANxCAT, is also responsible for several other well-known malware types including LimeRAT, AsyncRAT and other remote access trojans. NYANxCAT's malware is usually feature-rich and easy to use, which allows for easy adoption by amateur threat actors. However, many of the features incorporated into Mass Logger are quite advanced, such as its USB spreading capability.

NYANxCAT continues to improve the functionality of Mass Logger through updates and recently, 13 updates were released in only a three-week period. In patch notes, NYANxCAT explained that new targets have been added for the keylogger's credential stealing functionality and that measures have been taken to reduce automated detection.

Sophisticated features help set Mass Logger apart from other common malware. For example, it includes a function that allows cybercriminals to search for files with a specific file extension and exfiltrate them.

To defend against Mass Logger and other similar threats, Cofense recommends that network admins watch out for FTP sessions or emails sent from local networks that do not conform to their organization's standards.
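
One way to apply that recommendation, as an added example that is not from Cofense or the original article: the Python below reads network flow records and reports outbound FTP or mail sessions from internal hosts that fall outside an allowlist. The address ranges, approved hosts, CSV layout and sample records are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumed policy (hypothetical values): which internal hosts may originate
# FTP or mail traffic to the internet, and which external servers they may use.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
WATCHED_PORTS = {21: "ftp", 990: "ftp", 25: "mail", 465: "mail", 587: "mail"}
APPROVED_SENDERS = {"mail": {"10.0.5.10"}, "ftp": {"10.0.9.20"}}
APPROVED_DESTS = {"mail": {"203.0.113.25"}, "ftp": {"198.51.100.7"}}

# Constructed sample flows: timestamp,src,dst,dst_port,bytes_out
SAMPLE_FLOWS = """\
2020-01-01T09:00:01,10.0.5.10,203.0.113.25,587,48211
2020-01-01T09:02:13,10.0.7.44,198.51.100.99,21,912004
2020-01-01T09:02:40,10.0.7.44,192.0.2.80,443,1200
2020-01-01T09:03:05,10.0.8.17,203.0.113.200,587,15320
2020-01-01T09:04:00,10.0.9.20,198.51.100.7,21,700
2020-01-01T09:05:30,10.0.9.20,198.51.100.99,21,5000
2020-01-01T09:06:00,10.0.7.45,10.0.5.10,25,900
"""


def is_internal(addr):
    """True if addr belongs to one of the organization's internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_violations(flow_csv):
    """Return (timestamp, src, dst, service, reason) for each out-of-policy flow."""
    violations = []
    for ts, src, dst, dport, _bytes_out in csv.reader(io.StringIO(flow_csv)):
        service = WATCHED_PORTS.get(int(dport))
        # Only internal-to-external FTP or mail flows are in scope; the FTP
        # control connection on port 21 is enough to identify the session.
        if service is None or not is_internal(src) or is_internal(dst):
            continue
        if src not in APPROVED_SENDERS[service]:
            violations.append((ts, src, dst, service, "unapproved source host"))
        elif dst not in APPROVED_DESTS[service]:
            violations.append((ts, src, dst, service, "unapproved destination"))
    return violations


if __name__ == "__main__":
    for violation in find_violations(SAMPLE_FLOWS):
        print(*violation)
```

A workstation that relays mail through the internal server is not flagged, while the same workstation opening its own session to an external mail or FTP server is.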

