“Mass Logger,” which is one of the newest keyloggers currently making the rounds in the cybersphere, is being tracked by security researchers who believe that it could significantly impact the keylogger market in addition to the phishing threat landscape. Keyloggers, which make up the largest volume of unique phishing campaigns by malware type today, continue to grow in both popularity and sophistication among cybercriminals.
Some researchers are especially concerned about Mass Logger because of how quickly the malware is updated. The creators of Mass Logger consistently update and improve the software, allowing hackers to overcome security measures intended to stop it.
The rapid, real-time development allows the malware’s authors to quickly add features in response to customer feedback. Security firm Cofense Intelligence identified a campaign that used an attached GuLoader executable to deliver an encrypted Mass Logger binary.
GuLoader is a popular malware delivery mechanism that downloads encrypted payloads hosted on file-sharing platforms that are generally seen as legitimate. The email used in the campaign was also recently used by an Agent Tesla keylogger campaign. This could indicate that some hackers have already decided to switch from Agent Tesla to using Mass Logger.
Mass Logger’s Additional Functions
Mass Logger’s creators, who are known as NYANxCAT, are also responsible for several other well-known malware strains, including LimeRAT, AsyncRAT, and other remote access trojans (RATs). NYANxCAT’s malware is versatile and easy to use, which allows for easy implementation by novice hackers. Although it’s simple enough for beginners, many of the features incorporated into Mass Logger are still advanced, including its ability to spread via USB.
Mass Logger’s authors continue to improve its functionality, including a whopping 13 recent updates that were released over only a three-week period. In notes released with a recent patch, NYANxCAT explained that new targets have been added to the keylogger’s credential-stealing functions and that features have been added to reduce automated detection. These sophisticated features highlight the dangers of this new and multifaceted threat and separate Mass Logger from the rest of the malware herd.