'Fauxpersky' malware steals and sends passwords to an attacker's inbox

Researchers say the malware is "highly efficient," even if it's not very sophisticated.

A newly discovered keylogger malware has been found infecting computers in the wild. Though the malware is far from advanced, it's efficient at stealing passwords.

Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware "Fauxpersky," as it impersonates the Russian antivirus software Kaspersky. The keylogger is built off a popular app, AutoHotKey, which lets users write small scripts for automating tasks, and compile the script into an executable file. In this case, the app was abused to build a keylogger, which spreads through USB drives and infects Windows PCs -- and replicates on the computer's listed drives.

"This malware is by no means advanced or even very stealthy," said researchers Amit Serper and Chris Black, in a detailed blog post, published Wednesday.

"However, this malware is highly efficient at infecting USB drives and exfiltrating data from the keylogger through Google directly to the attacker's mailbox," the researchers said.

That's where the malware's functionality gets interesting: Once the malware's core files are all running, everything typed on the computer is recorded into a text file with the window's name -- giving the malware author a better idea of the context for the keylogged text.

The contents of that text file are exfiltrated from the computer through a Google Form. The file is then deleted from the disk. Each form response goes directly to the malware author's email inbox.

Serper and Black reported the malicious form to Google, which took it down within an hour.
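For defenders, the Google Form exfiltration described above suggests a simple hunt: form submissions made by a process that is not a web browser. The following is an added example, not code from Cybereason or the article; the log format, host names, process paths, form IDs and the browser allowlist are all constructed assumptions.

```python
import csv
import io
import ntpath
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the only programs expected to submit web forms on these hosts.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed telemetry: timestamp, host, process image path, requested URL.
SAMPLE_LOG = r"""
2018-03-28T09:14:02Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,https://docs.google.com/forms/d/e/EXAMPLE_FORM_A/formResponse
2018-03-28T09:15:40Z,WS-022,C:\Users\alice\AppData\Roaming\ExampleApp\helper.exe,https://docs.google.com/forms/d/e/EXAMPLE_FORM_B/formResponse
2018-03-28T09:16:11Z,WS-022,C:\Program Files\Mozilla Firefox\firefox.exe,https://docs.google.com/forms/d/e/EXAMPLE_FORM_A/viewform
2018-03-28T09:20:41Z,WS-022,C:\Users\alice\AppData\Roaming\ExampleApp\helper.exe,https://docs.google.com/forms/d/e/EXAMPLE_FORM_B/formResponse
2018-03-28T09:21:05Z,WS-031,C:\Tools\sync.exe,https://docs.example.com/forms/d/e/EXAMPLE_FORM_C/formResponse
"""

def form_id(url):
    """Return the Google Forms ID if url is a form submission, else None."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if (parts.hostname == "docs.google.com" and len(segments) >= 4
            and segments[0] == "forms" and segments[-1] == "formResponse"):
        return segments[-2]
    return None

def suspect_submissions(log_text):
    """Group form submissions made by non-browser processes by (host, image)."""
    hits = defaultdict(lambda: {"count": 0, "forms": set()})
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 4:
            continue  # skip malformed lines
        _ts, host, image, url = row
        fid = form_id(url)
        # Browsers submitting forms is normal; anything else is worth a look.
        if fid is None or ntpath.basename(image).lower() in BROWSER_IMAGES:
            continue
        entry = hits[(host, image)]
        entry["count"] += 1
        entry["forms"].add(fid)
    return dict(hits)

if __name__ == "__main__":
    for (host, image), info in suspect_submissions(SAMPLE_LOG).items():
        print(host, image, info["count"], sorted(info["forms"]))
```

Repeated submissions to the same form ID from one non-browser process are the pattern to triage first; a process merely named like a browser would still need a path or signature check.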
