Palo Alto Discloses Details of New Keylogger ‘KeyBase’

Well-known security company Palo Alto Networks has disclosed details of a new keylogger malware family that it has been tracking for a few months. In circulation since February 2015, the program, called 'KeyBase', is sold directly by its author to the purchaser for USD50 (or 33 pounds) and has been used in attacks on several organizations, delivered primarily through phishing e-mails, scmagazineuk.com reported on June 8, 2015.

Engineers working with AutoFocus, Palo Alto's threat intelligence service, confirmed that they had spotted 295 distinct strains of the malware in over 1,500 separate sessions during February-March 2015.

According to Palo Alto, KeyBase can record keystrokes and clipboard contents, and can capture screenshots of the victim's desktop. The malware's author also advertises Unicode support and password retrieval, along with an easy-to-use web panel.

The company states that KeyBase attacks chiefly target the retail, higher education and high-tech industries.

Palo Alto's investigators discovered that the malware communicated with its CnC server without any obfuscation or encryption, and that the malware's first request did not even contain any HTTP headers, which makes the malicious activity easy to identify.
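The missing HTTP headers described above lend themselves to a simple network check. The following is an added example, not code from Palo Alto or from the original article: it parses raw request bytes and flags any request whose request line is followed by no header fields. The function names, addresses, hosts and paths are hypothetical, and the sample requests are constructed.

```python
# Added example: flag HTTP requests that carry no header fields at all.
# All sample requests below are constructed for illustration.

def parse_request(raw: bytes):
    """Return (request_line, headers dict), or None if raw is not HTTP."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip():
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers


def is_headerless(raw: bytes) -> bool:
    """True when a well-formed request line is followed by zero headers."""
    parsed = parse_request(raw)
    return parsed is not None and not parsed[1]


def triage(sessions):
    """Return (source, request_line) for every headerless request."""
    hits = []
    for source, raw in sessions:
        if is_headerless(raw):
            hits.append((source, parse_request(raw)[0]))
    return hits


# Constructed samples: addresses, hosts and paths are placeholders.
SAMPLE_SESSIONS = [
    ("10.0.0.5", b"GET /index.html HTTP/1.1\r\nHost: intranet.example.test\r\n"
                 b"User-Agent: Mozilla/5.0\r\nAccept: */*\r\n\r\n"),
    ("10.0.0.23", b"GET /placeholder/checkin?id=PLACEHOLDER HTTP/1.0\r\n\r\n"),
    ("10.0.0.7", b"POST /api/v1/items HTTP/1.1\r\nHost: api.example.test\r\n"
                 b"Content-Length: 2\r\n\r\n{}"),
    ("10.0.0.9", b"\x16\x03\x01\x00\xa5\x01\x00"),  # TLS bytes, not HTTP
]

if __name__ == "__main__":
    for source, line in triage(SAMPLE_SESSIONS):
        print(f"headerless request from {source}: {line}")
```

Ordinary browsers and HTTP libraries send at least a Host or User-Agent header, so a hit from this check is a strong lead for triage rather than proof of a specific malware family.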

They also discovered that access to the "/image/Images/" path on the command-and-control server, where screenshots of the compromised computer are stored, was not protected, so it could be reached from the World Wide Web without any difficulty.

Looking further, the investigators found that the keylogger's controller had been testing the tool, since images from that person's own desktop were present.

Palo Alto Networks explains that, once enabled, KeyBase persists using two methods: setting a Run registry entry so that it autoruns at system boot, or alternatively placing a copy of itself in the startup folder. When it makes the copy, KeyBase names itself 'Important.exe', a name that the controller sets statically and that the user cannot change in the current version.

Although this malware has certain shortcomings in sophistication, Palo Alto said it had noticed a considerable and continued increase in the use of keyloggers; end-users must therefore adopt the necessary safeguards to reduce the dangers posed by such malware.

» SPAMfighter News - 6/17/2015
