This dangerous new keylogger could change the entire malware space


A new keylogger called “Mass Logger” is currently being tracked by Cofense Intelligence and security researchers believe that it could significantly impact the larger keylogger market as well as the phishing threat landscape.

Keyloggers make up the largest volume of unique phishing campaigns by malware type today and they continue to grow in both popularity and sophistication.

Cofense is so concerned about Mass Logger because of how quickly the malware is updated. Its author consistently updates and improves Mass Logger, which allows cybercriminals deploying the malware to overcome security measures taken to detect and defend against it. This rapid development also allows the malware's creator to quickly add features in response to customer feedback.

Cofense Intelligence has identified a campaign that used an attached GuLoader executable to deliver an encrypted Mass Logger binary. GuLoader itself is a popular malware delivery mechanism that downloads encrypted payloads hosted on legitimate file sharing platforms. The email used in the campaign was also recently seen in an Agent Tesla keylogger campaign, which could indicate that some cybercriminals have already decided to switch from using Agent Tesla to using Mass Logger.

Additional functionality

Mass Logger's creator, known as NYANxCAT, is also responsible for several other well-known malware types including LimeRAT, AsyncRAT and other remote access trojans. NYANxCAT's malware is usually feature-rich and easy to use, which allows for easy adoption by amateur threat actors. However, many of the features incorporated into Mass Logger are quite advanced, such as its USB spreading capability.

NYANxCAT continues to improve the functionality of Mass Logger through updates, and 13 updates were recently released in only a three-week period. In patch notes, NYANxCAT explained that new targets have been added for the keylogger's credential stealing functionality and that measures have been taken to reduce automated detection.

Sophisticated features help set Mass Logger apart from other common malware. For example, it includes a function that allows cybercriminals to search for files with a specific file extension and exfiltrate them.

To defend against Mass Logger and other similar threats, Cofense recommends that network admins watch out for FTP sessions or emails sent from local networks that do not conform to their organization's standards.
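The check Cofense recommends can be run over network flow records, as in the following added example (not code from Cofense or the original article). The record layout, internal range, approved hosts and sample flows are all constructed assumptions standing in for an organization's own standards.

```python
import csv
import io
import ipaddress

# Assumed policy (hypothetical values): internal ranges, and the only hosts
# allowed to originate FTP or mail traffic to the outside.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
WATCHED_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "submission"}
APPROVED_SOURCES = {
    "ftp": {ipaddress.ip_address("10.0.5.20")},    # managed file-transfer host
    "smtp": {ipaddress.ip_address("10.0.5.10")},   # mail relay
    "smtps": {ipaddress.ip_address("10.0.5.10")},
    "submission": {ipaddress.ip_address("10.0.5.10")},
}

# Constructed sample flow records: timestamp,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
2020-06-15T09:01:12Z,10.0.5.10,203.0.113.25,25
2020-06-15T09:03:40Z,10.0.12.77,198.51.100.8,587
2020-06-15T09:04:02Z,10.0.12.77,198.51.100.9,21
2020-06-15T09:05:30Z,10.0.5.20,203.0.113.40,21
2020-06-15T09:06:00Z,10.0.12.80,10.0.5.10,25
2020-06-15T09:07:15Z,10.0.33.4,192.0.2.14,443
not,a,valid,row
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_nonconforming(flow_text):
    """Return (timestamp, src, dst, service) for internal hosts that talk
    FTP or mail to an external address without being an approved source."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            ts, src, dst, port = row
            src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        service = WATCHED_PORTS.get(port)
        if service is None or not is_internal(src) or is_internal(dst):
            continue
        if src not in APPROVED_SOURCES[service]:
            alerts.append((ts, str(src), str(dst), service))
    return alerts

if __name__ == "__main__":
    for alert in find_nonconforming(SAMPLE_FLOWS):
        print("non-conforming egress:", *alert)
```

In the sample, the workstation 10.0.12.77 is flagged twice (mail submission and FTP to external hosts), while the approved relay and file-transfer host, internal-only mail and HTTPS traffic pass.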

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
