Threat Watch

Mass Logger Malware Steals Passwords and Files

Researchers at the security company Cofense recently released a report about a malware program called Mass Logger, which is sold on underground marketplaces for criminal use. Mass Logger steals passwords from infected computers and also lets the attacker specify, by file extension, which files to steal. The malware has been frequently updated with new features, including ones that allow it to evade detection by anti-virus programs and one that spreads the infection through USB drives. The person who sells Mass Logger on criminal forums, who goes by the name NYANxCAT, also sells several other prolific malware threats, including LimeRAT and AsyncRAT.

ANALYST NOTES

Malware that steals passwords accounts for a significant number of attacks against home users and enterprise environments alike. Although some defenders consider these to be low risk, many disruptive and costly ransomware incidents start with the theft of passwords, which allows attackers to log on using employee credentials through remote access portals. Since so many employees now work remotely, it may be even more difficult to spot attackers logging in as employees. It is important to monitor login records for unusual activity, such as logins from a different country. It is also crucial to monitor workstations and servers using Endpoint Detection and Response (EDR) tools to detect any abnormal activity from user accounts, even if the attack does not use malware. For Mass Logger, look for unexpected FTP connections from endpoints. Other information-stealing malware often uses email to exfiltrate stolen passwords and data.
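One way to implement the FTP check described above, as an added example (not taken from the Cofense report or from this brief): it scans flow records for workstation connections to FTP servers that are not on an allowlist. The log format, subnet, allowlist and all addresses are constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Assumptions for this example; replace with your own environment's values.
ENDPOINT_NETS = [ipaddress.ip_network("10.20.0.0/16")]   # workstation ranges
APPROVED_FTP = {ipaddress.ip_address("203.0.113.10")}    # sanctioned FTP server
FTP_PORTS = {21}                                         # FTP control channel

# Constructed sample flow records: time,src,dst,dst_port,proto
SAMPLE_LOG = """\
2020-06-15T09:01:12Z,10.20.4.17,203.0.113.10,21,tcp
2020-06-15T09:03:44Z,10.20.4.17,198.51.100.77,21,tcp
2020-06-15T09:03:50Z,10.20.9.3,198.51.100.77,443,tcp
2020-06-15T09:10:02Z,10.30.1.5,198.51.100.77,21,tcp
2020-06-15T09:12:31Z,10.20.4.17,198.51.100.77,21,tcp
2020-06-15T09:14:00Z,10.20.4.17,not-an-ip,21,tcp
2020-06-15T09:15:00Z,10.20.8.40,192.0.2.200,21,tcp
"""

def unexpected_ftp(log_text):
    """Return {src_ip: [(time, dst_ip), ...]} for endpoint FTP to unapproved hosts."""
    hits = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 5:
            continue  # wrong field count
        ts, src, dst, port, proto = row
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        if proto.lower() != "tcp" or port not in FTP_PORTS:
            continue
        if not any(src_ip in net for net in ENDPOINT_NETS):
            continue  # source is not a workstation (e.g. a server range)
        if dst_ip in APPROVED_FTP:
            continue  # expected business FTP traffic
        hits[str(src_ip)].append((ts, str(dst_ip)))
    return dict(hits)

if __name__ == "__main__":
    for src, events in sorted(unexpected_ftp(SAMPLE_LOG).items()):
        print(src, len(events), "unexpected FTP connection(s):", events)
```

Hosts that appear in the result are candidates for EDR triage; repeated connections from one workstation to the same external FTP server deserve priority.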

For more information, please read: https://www.techradar.com/news/this-dangerous-new-keylogger-could-change-the-entire-malware-space