One More Discovery: New Keylogger Disguised as a Kaspersky Lab Product
The main purpose of the Fauxpersky keylogger is to steal certain data and send it to the hackers' mailbox.
Researchers at the Boston IT company Cybereason discovered a campaign that distributes a new keylogger, Fauxpersky, disguised as a Kaspersky Lab anti-virus product. The specialists stress that this malware cannot be called complex or stealthy, but it is very effective when it comes to stealing passwords.
The creators of Fauxpersky use the popular AutoHotKey application, which lets users write small scripts to automate tasks and compile those scripts into executable files. In this case, AutoHotKey is used to build a keylogger that can spread through USB drives and infect computers running the Windows operating system.
This malware is easy to use and very effective: it is able to send stolen data directly to its operators' mailbox. Once all the basic program files are running, every character the user types is recorded in a text file named Windows, so that it is easier for the operators to understand the context. The file's contents are "pulled out" of the device with the help of Google Forms, after which the file is deleted from the disk. All the forms are then sent to the attackers' email box. The researchers told Google about these malicious forms, and they were deleted within an hour.
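
A defender-side check for the exfiltration path described above, added here as an example and not taken from Cybereason's research or the original article: it flags hosts where a non-browser process repeatedly submits data to Google Forms. The log layout, the browser allowlist, the `min_posts` threshold and all sample values are assumptions; the `formResponse` path is the endpoint Google Forms uses for submissions.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

# Constructed proxy/EDR events (time, host, process image, method, URL).
# Hosts, paths and form IDs are placeholders, not indicators from the article.
SAMPLE_LOG = r"""
2024-01-01T09:00:01,WS-01,C:\Program Files\Google\Chrome\Application\chrome.exe,POST,https://docs.google.com/forms/d/e/FORM_ID_A/formResponse
2024-01-01T09:00:05,WS-02,C:\Users\user\AppData\Roaming\example\unknown.exe,POST,https://docs.google.com/forms/d/e/FORM_ID_B/formResponse
2024-01-01T09:05:05,WS-02,C:\Users\user\AppData\Roaming\example\unknown.exe,POST,https://docs.google.com/forms/d/e/FORM_ID_B/formResponse
2024-01-01T09:05:09,WS-02,C:\Users\user\AppData\Roaming\example\unknown.exe,GET,https://docs.google.com/forms/d/e/FORM_ID_B/viewform
2024-01-01T09:06:00,WS-03,C:\Tools\updater.exe,POST,https://example.com/forms/d/e/X/formResponse
2024-01-01T09:07:00,WS-04,C:\Tools\report.exe,POST,https://docs.google.com/forms/d/e/FORM_ID_C/formResponse
"""

# Assumed allowlist: processes expected to submit web forms on a workstation.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}


def is_form_submission(method, url):
    """True for a POST to a Google Forms submission endpoint."""
    parts = urlsplit(url)
    return (method.upper() == "POST"
            and parts.hostname == "docs.google.com"
            and parts.path.startswith("/forms/")
            and parts.path.rstrip("/").endswith("/formResponse"))


def find_form_exfil(log_text, min_posts=2):
    """Return {(host, image): count} for non-browser form submitters."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 5:
            continue  # skip malformed lines
        _ts, host, image, method, url = row
        exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe not in BROWSERS and is_form_submission(method, url):
            hits[(host, image)] += 1
    return {key: n for key, n in hits.items() if n >= min_posts}


if __name__ == "__main__":
    for (host, image), n in find_form_exfil(SAMPLE_LOG).items():
        print(f"{host}: {image} submitted {n} Google Forms responses")
```

Matching on the executable name alone is easy to evade by renaming, so in practice the allowlist should be keyed on signed publisher or full path.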