

Tuesday, 06/16/2020 7:32:32 PM

Rapidly evolving keylogger malware has some security experts worried

https://www.tomsguide.com/news/keylogger-threat

Network operators warned to take steps to defend against keylogger threat.

A new keylogger that could have a significant impact on web security is being carefully tracked by researchers.

The main worry about this keylogger -- called Mass Logger by its discoverers -- is due to the frequency at which it is being updated by its creator.


A keylogger is software or hardware that logs and saves whatever's typed into a keyboard, often in the aim of stealing passwords, usernames or other sensitive information. Keylogging malware is often deployed by spyware or in phishing attacks.

Research lab Cofense Intelligence wrote in a blog post that the author of Mass Logger is consistently updating and improving the malware, making it easier for the malware to bypass security measures designed to mitigate such threats.

Another concern is that the author is able to quickly add new features after receiving feedback from customers (yes, malware developers have customers), which will likely make the malware popular among cybercriminals.


Sophisticated malware

Max Gannon of Cofense Intelligence wrote that one malware campaign used an attached GuLoader executable to deliver an encrypted Mass Logger binary.

He explained: “GuLoader has recently risen to prominence as a malware delivery mechanism which downloads encrypted payloads hosted on legitimate file-sharing platforms.

“The email used to exfiltrate data in this campaign was also recently seen in an Agent Tesla keylogger campaign, indicating that some threat actors may already be switching from Agent Tesla to Mass Logger.”

Mass Logger was created by a developer called NYANxCAT, who is also behind a range of other notorious malware. These include LimeRAT, AsyncRAT and various other RAT variants. (RAT is short for remote-access Trojan, malware that pretends to be benign but which creates a backdoor into your machine after you open the file.)

Rich, easy-to-implement malware

Gannon said NYANxCAT's malware is feature-rich and easy to use so that it can be easily implemented by cybercriminals, who don't always have the skills to develop their own malware. But what’s interesting is that Mass Logger is already rather advanced.

“Despite this relatively low entry bar, many of the features incorporated into Mass Logger are advanced, such as its USB spreading capability,” Gannon wrote.

“The capable actor behind these malware families has demonstrated an investment in Mass Logger, improving the functionality of the malware with 13 updates in only a three-week time period.”

He also said Mass Logger can steal credentials, bypass automated detection and search for specific file extensions and then exfiltrate them.

To mitigate these threats, Gannon recommends that network defenders watch for FTP sessions or emails sent from the local network that do not conform to your organization’s standards, tune sandbox systems to look for anti-analysis and evasion techniques and disable password-saving in applications like Firefox.
=================================================================
Using an anti-malware solution like Wave Endpoint Monitor and Wave VSC 2.0 (2FA) are a one-two combination that other cybersecurity companies just don't have under one company like Wave!!! In this article, WEM can catch this elusive malware, and Wave VSC 2.0 can:

https://www.wavesys.com/products/wave-virtual-smart-card

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.


Thus, there are no keystrokes to keylog, and WEM can already catch the malware, but having a one-two punch makes the security even stronger!!!
==================================================================
https://www.wavesys.com/wave-alternative

https://www.wavesys.com/












