What Is Mass Logger and Why Does It Have Cybersecurity Researchers Worried?

Hacking forums are busy places. Malware authors fight to make fat wads of cash by selling their products to wannabe cybercriminals, and it must be said that there is no shortage of buyers. The competition is stiff, and it's very hard for a newcomer to arrive on the scene and steal some customers from the established names. That being said, a new keylogger called Mass Logger recently caught the attention of security researchers, who think that it could be a force to be reckoned with for the foreseeable future. But what makes it stand out from the crowd?

Mass Logger was created by an experienced developer

Apparently, Mass Logger's author has picked the right type of malware to sell. The age of massive ransomware campaigns is well and truly over now, and according to Cofense, most of the malware distributed by spam emails consists of keyloggers.

The increased demand for keyloggers should help with sales, but Mass Logger's developer wants to popularize their product even further, and to do that, they've created a YouTube video that showcases some of the keylogger's functionality.

The author goes by the nickname NYANxCAT, and a quick look through their YouTube channel reveals that Mass Logger is far from the only malware family they're responsible for. Cofense's researchers said that NYANxCAT is behind a wide variety of remote access trojans like LimeRAT and AsyncRAT, and the videos suggest that the hacker has also created a few other hacking tools of various kinds. In other words, we're talking about an experienced malware author who has already made a name for themselves in the hacking community. This definitely increases Mass Logger's chances of success.

An easily configurable keylogger with plenty of features

Mass Logger's main functionality is pretty standard. The malware records all the keystrokes the victim makes and stores them in log files, which are periodically sent back to the crooks either through FTP or via email. A quick look at the YouTube advertisement shows, however, that customers have quite a few other options to play with, including the ability to take screenshots and spread via USB devices. GData researchers also confirmed that Mass Logger comes with multiple modules, and crucially, they said that enabling and disabling them is very easy.
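For defenders, the periodic FTP or email upload described above is a useful hunting signal. The following is an added example, not taken from Cofense, GData or the malware itself: it flags processes that are not known mail or FTP clients but connect to FTP/SMTP ports at regular intervals. The allowlist, thresholds, process names and log records are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Ports for the two exfiltration channels the article names: FTP and email (SMTP).
EXFIL_PORTS = {21: "ftp", 25: "smtp", 465: "smtp", 587: "smtp"}
# Assumption: processes expected to speak FTP/SMTP on this host.
ALLOWED = {"outlook.exe", "thunderbird.exe", "filezilla.exe"}

def find_periodic_uploads(events, min_events=4, max_jitter=0.2):
    """Flag non-allowlisted processes reaching FTP/SMTP ports at regular intervals.

    events: iterable of (epoch_seconds, process_name, dest_ip, dest_port).
    """
    times = defaultdict(list)
    for ts, proc, dst, port in events:
        if port in EXFIL_PORTS and proc.lower() not in ALLOWED:
            times[(proc.lower(), dst, EXFIL_PORTS[port])].append(ts)
    findings = []
    for (proc, dst, channel), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # A low relative spread of the gaps points to a timer-driven sender.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"process": proc, "dest": dst, "channel": channel,
                             "count": len(stamps), "interval_s": round(avg)})
    return findings

# Constructed sample connection log (not real telemetry).
SAMPLE = [
    (1000, "invoice_viewer.exe", "203.0.113.10", 587),
    (1602, "invoice_viewer.exe", "203.0.113.10", 587),
    (2199, "invoice_viewer.exe", "203.0.113.10", 587),
    (2801, "invoice_viewer.exe", "203.0.113.10", 587),
    (1100, "OUTLOOK.EXE", "198.51.100.5", 587),    # allowlisted mail client
    (1500, "chrome.exe", "198.51.100.7", 443),     # not an FTP/SMTP port
    (1200, "backup.exe", "192.0.2.20", 21),        # FTP, but irregular timing
    (1290, "backup.exe", "192.0.2.20", 21),
    (5000, "backup.exe", "192.0.2.20", 21),
    (5050, "backup.exe", "192.0.2.20", 21),
]

if __name__ == "__main__":
    for finding in find_periodic_uploads(SAMPLE):
        print(finding)
```

A hit is only a lead for triage: legitimate scripts and monitoring agents also send mail on a timer, so the allowlist needs tuning per environment.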

Ease of use is another selling point for Mass Logger. Let's not forget that the people who buy and distribute malware aren't necessarily that tech-savvy, and an intuitive interface can be a massive advantage for them.

Mass Logger receives regular updates

Mass Logger is already shaping up to be quite a formidable keylogger, but NYANxCAT seems determined to make it even better. In a period of just three weeks, Cofense's researchers saw no fewer than 13 Mass Logger updates. The new versions brought expanded credential-stealing capabilities and detection evasion tools, and at that rate, Mass Logger could soon evolve from a relatively simple keylogger to a versatile malware family.

It's clear that Mass Logger has a lot going for it at the moment, but can it really capture a significant market share? It looks like this is happening already.

According to Cofense's report, a group of cybercriminals recently switched from Agent Tesla to Mass Logger, which goes to show that NYANxCAT is already making money from their newest creation. Unfortunately, this means that the developer will likely put even more effort into the malware, and that's not good news for the regular user.

June 17, 2020

