keylogger

Tech Optimizer
March 25, 2025
Kaspersky Anti-Virus features a user-friendly interface organized into four main sections: scan, database update, reports, and an on-screen keyboard. The on-screen keyboard enhances privacy when entering sensitive data, protecting against keyloggers. The Reports section provides an overview of scanning activities and includes data from the System Watcher feature, which can mitigate malware attacks. The Database Update section allows for automatic updates to keep the software current with the latest threats, with options for manual scheduling. The scan menu includes a Quick Scan that completes in about seven minutes and a Full Scan that can take several hours; both scans detected all actual malware during testing. Additional scanning options include selective scans and removable drive scans. The software allows for high customization, including a "Gamer Mode" that defers scheduled scans during full-screen applications. It also postpones tasks during battery operation or high disk activity and offers an option to opt out of promotional offers.
Winsage
February 19, 2025
Cybersecurity experts at Fortinet have identified a new threat called the Snake Keylogger, which has been involved in over 280 million blocked infection attempts. This malware uses advanced obfuscation techniques, making it difficult to detect and neutralize, and poses risks to individuals and organizations by allowing attackers access to sensitive data. Cybersecurity professionals recommend proactive defense strategies, including keeping antivirus software updated and educating users about cybersecurity issues. Fortinet has not revealed the creators of the Snake Keylogger or specific industries it targets.
Winsage
February 19, 2025
Recent reports indicate a surge in activity of the Snake keylogger, also known as the 404 Keylogger, linked to over 280 million attack attempts since the start of the year. At its peak it was responsible for as many as 14 million infection attempts in a single day. The malware logs keystrokes and extracts personally identifiable information, including geolocation data, and transmits it to its command-and-control server over channels such as SMTP, Telegram bots, and HTTP POST requests. The Snake keylogger is delivered as an AutoIt-compiled binary and places a launcher in the Windows Startup folder so that it runs again at every logon. It employs obfuscation to evade antivirus detection and runs its malicious code inside a process the operating system treats as legitimate. The keylogger primarily spreads through sophisticated phishing attacks.
Winsage
February 19, 2025
A new variant of the Snake Keylogger is targeting Windows users in Asia and Europe, using the AutoIt scripting language as a deployment wrapper to evade detection. The malware itself is built on the Microsoft .NET Framework and arrives as a spam email attachment; it logs keystrokes, captures screenshots, and collects clipboard data to steal usernames, passwords, and credit card details from browsers such as Chrome, Edge, and Firefox. Stolen data is transmitted to the command-and-control server by SMTP email, Telegram bots, or HTTP POST requests. The attachment is an AutoIt-compiled binary that unpacks and executes the keylogger when opened. The keylogger copies itself to %LOCALAPPDATA%\supergroup\ageless[.]exe and drops a file named ageless[.]vbs in the Startup folder so that it is launched automatically at each logon. Because both locations are writable by the current user, this persistence requires no administrative privileges. Once running, the keylogger injects its payload into a legitimate .NET process, RegSvcs.exe, through process hollowing. It captures keystrokes with a low-level keyboard hook (WH_KEYBOARD_LL) installed via the SetWindowsHookEx API. It also determines the victim's public IP address for geolocation by sending an HTTP request to hxxp://checkip[.]dyndns[.]org.
Winsage
February 19, 2025
A significant alert has been issued for Microsoft Windows users regarding the Snake Keylogger, an advanced keylogger that extracts sensitive information from web browsers such as Chrome, Edge, and Firefox. It logs keystrokes, captures credentials, and monitors clipboard activity. The malware has already infiltrated millions of PCs, relaunches after each restart, and hides among benign Windows processes. Fortinet reports that the Snake Keylogger has been circulating since 2020, arriving as malicious Office documents or PDFs attached to emails; the malware executes if the document is opened with macros enabled or in a reader with an unpatched vulnerability. It uses AutoIt scripting to obfuscate its operations and sets the hidden attribute on its files to complicate detection. The keylogger places a file in the Windows Startup folder so that it launches automatically with each restart, keeping access to the compromised system. Once installed, it harvests credentials from keystrokes, clipboard data, and browser autofill information and transmits them to its operators. Fortinet has observed the Snake Keylogger in countries including China, Turkey, Indonesia, Taiwan, and Spain. Users are advised to keep security software updated and to treat email attachments from untrusted sources with caution.
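The Snake Keylogger summaries above describe one infection chain: an AutoIt-compiled dropper copies itself under %LOCALAPPDATA%, writes a .vbs launcher into the user's Startup folder, hollows the signed .NET utility RegSvcs.exe, and resolves checkip[.]dyndns[.]org before exfiltrating over SMTP, Telegram or HTTP POST. The hunt script below is an added example (not code from Fortinet, Winsage, or the malware's authors) showing how those behaviours map onto endpoint telemetry. It runs three rules over Sysmon-style process-create, file-create and DNS-query records; the records, paths, the suspicious host list and the list of commonly hollowed .NET utilities are constructed assumptions for the demonstration, not published indicators.

```python
"""Hunt for Snake Keylogger style tradecraft in Sysmon-like event records.

Added example, not code from Fortinet or from the articles above. The events
below are constructed to resemble Sysmon EventID 1 (ProcessCreate), 11
(FileCreate) and 22 (DnsQuery) records; field names follow Sysmon but every
path, user and value is made up. The hollowing-target list, the user-writable
path pattern and the host list are assumptions chosen to match the behaviour
described in the summaries, not Fortinet's signatures.
"""
import re
from dataclasses import dataclass

# Directories an unprivileged user can write to; a signed .NET utility whose
# parent lives here is the shape of process hollowing from a dropped binary.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents|Temp)\\", re.I)
# Per-user and all-users Startup folders (matched case-insensitively).
STARTUP_DIR = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".lnk")
# Signed .NET utilities commonly chosen as hollowing targets (assumed list).
HOLLOW_TARGETS = {"regsvcs.exe", "regasm.exe", "msbuild.exe", "installutil.exe"}
# Hosts the summaries name for public-IP lookup and Telegram-bot exfiltration.
SUSPICIOUS_HOSTS = {"checkip.dyndns.org", "api.telegram.org"}


@dataclass(frozen=True)
class Finding:
    rule: str
    record_id: int
    detail: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_startup_script(ev: dict):
    """EventID 11: a script dropped into a Startup folder (user-level persistence)."""
    if ev["EventID"] != 11:
        return None
    target = ev["TargetFilename"]
    if STARTUP_DIR.search(target) and target.lower().endswith(SCRIPT_EXT):
        return Finding("startup_script_drop", ev["RecordID"], f"{basename(ev['Image'])} wrote {target}")
    return None


def check_hollowing_target(ev: dict):
    """EventID 1: a hollowing-target utility started from a user-writable parent,
    or started with no arguments (RegSvcs.exe normally takes an assembly path;
    a hollowed instance is created with just the image path)."""
    if ev["EventID"] != 1 or basename(ev["Image"]) not in HOLLOW_TARGETS:
        return None
    no_args = ev.get("CommandLine", "").strip().strip('"').lower() == ev["Image"].lower()
    if USER_WRITABLE.search(ev["ParentImage"]) or no_args:
        return Finding("dotnet_utility_suspicious_launch", ev["RecordID"],
                       f"{ev['Image']} parent={ev['ParentImage']}")
    return None


def check_beacon_host(ev: dict):
    """EventID 22: DNS lookup of an IP-check or bot-API host from any process."""
    if ev["EventID"] != 22:
        return None
    host = ev["QueryName"].lower()
    if host in SUSPICIOUS_HOSTS:
        return Finding("ip_check_or_bot_api_lookup", ev["RecordID"], f"{basename(ev['Image'])} -> {host}")
    return None


RULES = (check_startup_script, check_hollowing_target, check_beacon_host)


def hunt(events):
    """Run every rule over every event; findings come back in event order."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


def summarize(findings):
    """Count findings per rule, as a triage view would show them."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample events (not real telemetry). Three mirror the chain in the
# summaries; three are benign look-alikes that the rules must leave alone.
SAMPLE_EVENTS = [
    {"RecordID": 1, "EventID": 1,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"',
     "ParentImage": r"C:\Users\alice\AppData\Local\supergroup\ageless.exe"},
    {"RecordID": 2, "EventID": 11,
     "Image": r"C:\Users\alice\AppData\Local\supergroup\ageless.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs"},
    {"RecordID": 3, "EventID": 22,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "QueryName": "checkip.dyndns.org"},
    {"RecordID": 4, "EventID": 1,   # developer tooling: parent in Program Files, has arguments
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" C:\build\MyLib.dll',
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\MSBuild\MSBuild.exe"},
    {"RecordID": 5, "EventID": 11,   # a text file, not a script, in a Startup folder
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.txt"},
    {"RecordID": 6, "EventID": 22,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.mozilla.org"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.rule}] record {f.record_id}: {f.detail}")
    print(summarize(hunt(SAMPLE_EVENTS)))
```

The keyboard hook itself (SetWindowsHookEx with WH_KEYBOARD_LL) does not surface in these event types, so the rules key on the persistence, injection and network steps that do. On a real fleet the parent and argument heuristics for RegSvcs.exe need tuning against developer workstations where the tool is run legitimately, and a single rule hit should be correlated with the others before it is treated as an infection.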
Winsage
October 18, 2024
On May 18, 2024, Kaspersky’s Global Research & Analysis Team ran the qualifying round of the SAS Capture the Flag (CTF) competition, in which over 800 teams tackled cybersecurity challenges. One challenge was built around a vulnerability in Windows 7 and Windows Server 2008 R2 that allows kernel shellcode to be concealed in the system registry and executed during boot. The vulnerability stems from an incomplete fix for CVE-2010-4398: the flaw was known to be only partially addressed, with evidence of exploitation dating back to 2018, and Windows 7 stopped receiving security updates in early 2020. It affects Windows versions from NT 4.0 through Windows 7, allowing kernel shellcode to persist in the registry and execute at boot. Exploitation relies on stack buffer overflows in the dxgmms1.sys and dxgkrnl.sys drivers, which read attacker-controlled registry values via RtlQueryRegistryValues. In the CTF challenge, participants analyzed registry hives to identify the source of a crash, set up debugging for blue-screen events, and examined a keylogger payload. The final round of the SAS CTF takes place in Bali from October 22-25, 2024.
Winsage
September 28, 2024
Microsoft has revised its Recall feature for Copilot+ PCs, focusing on security. Recall captures snapshots of the Windows desktop, documenting application usage for future retrieval. Initially announced at Microsoft Build 2024, it faced criticism for privacy concerns, leading to a postponed rollout. By August, Microsoft announced adjustments and planned to release it to Windows Insiders in October. Recall is an opt-in feature, allowing users to enable or disable it, and it encrypts data stored locally on the device. Access requires Windows Hello Enhanced Sign-in Security, and users can delete snapshots or pause the feature anytime. Recall does not record private browsing sessions and allows users to exclude specific apps and websites. A sensitive content filter prevents capturing of passwords and sensitive information. Users can control content retention duration and storage allocation.
Winsage
September 27, 2024
In the early 2000s, third-party antivirus solutions dominated Windows operating system security until Microsoft introduced Security Essentials in 2009, which evolved into a comprehensive security product. With the launch of Windows 8, Security Essentials transitioned to Windows Defender, which further developed into a suite of security products for Windows 10 and 11. Microsoft Defender Antivirus protects users against threats like keyloggers and screen scrapers using artificial intelligence, machine learning, and the Microsoft Intelligent Security Graph. Key protection mechanisms include Secure Boot, Trusted Boot, and Measured Boot for system verification, multiple detection engines for malware identification, Tamper Protection to prevent malware from altering security features, and Microsoft Defender SmartScreen to block malware downloads. Microsoft recommends using Microsoft Defender for Endpoint for enhanced security.