Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Criminals Using Customized Keyloggers Malware to Steal and Exfiltrate Data

Scmagazine.com reported on 11th July, 2014 quoting researchers of security firm Cyphort as "attackers have been using all types of customized and modified keylogger malware to infect systems and steal data like credentials as a part of massive campaign which dates back to 2009."

Google, Facebook,Yahoo, Skype and Dropbox are among the targets in the campaign known as NightHunter which was so named due to its silent methods of exfiltration of data but threats has been seen targeting oil industry, energy firms hospitals, educational institutions, charities and other organizations.

The security firm is not sure about what attackers are doing with the stolen data but believes that they could use it and attack targets for espionage, extortion and bank fraud.

The cybercriminals distribute the malware through phishing emails which look to be related to payments, purchase orders, jobs and inquiries. Securityweek.com reported on 11th July, 2014 quoting Cyphort as "The malicious notifications are normally sent to the sales, finance and human resources departments of insurance firms, educational institutes, trading companies, charities, broadcasters and others."

The phishing emails contain an archive file which hides a keylogger in most cases and when it is installed on a system, keylogger enable attackers to steal data from FTP applications, Web browsers, instant messaging apps, games, password managers, Bitcoin programs and email clients. Cyphort elaborated that there are additional threats which include features like extension spoofing, screenshot capturing, obfuscation, website blocking, fake error messages, self-removal, file downloaders, Web browser data removal and application disabling.

Cyphort has found more than 1,800 infected systems across the world including U.K., U.S., India, Saudi Arabia and Malaysia.

DarkReading reported on 11th July, 2014 quoting Fengmin Gong, Co-Founder of Cyphort, as saying "The attack is ongoing and we will also continue to monitor it. The attackers are very aggressive in collecting and exfiltrating data. Considering the systematic nature of the actors of the campaign, we are guessing that they are still in a "exploration stage" attacking high-level executives with credentials but currently it is not possible to speculate certainly about their endgame."

ยป SPAMfighter News - 7/22/2014

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page