Cisco Talos has found a new variant of old spyware that has attacked the Windows platform for years. It has come back in a new variant with more capabilities. The spyware cannot go undetected in Windows. It targets users and steals their credentials from browsers and apps.
Hackers keep improving their malicious vendors to achieve their goals. The reemerged credential-stealing campaign affects Windows systems and steals information from the Google Chrome browser, the Microsoft Outlook app, and instant messaging apps installed on the machine.
Masslogger can also be configured as a keylogger that tracks keystrokes, but it does not have this functionality. One example of the spyware is the “Domestic customer inquiry” email. The email had an attachment that compromised the user’s computer with the malware. The file was named “70727_YK90054_Teknik_Cizimler.R09”; it was a RAR file with an extension other than .rar. Researchers found that this Masslogger variant not only exfiltrates data from SMTP, FTP, and HTTP locations, but also steals data from the Pidgin messenger client, Discord, NordVPN, Outlook, Thunderbird, Firefox, QQ Browser, and all Chromium-based browsers such as Google Chrome, Microsoft Edge, Opera, and Brave.
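The attachment described above is a RAR archive whose name does not end in .rar, so a mail filter has to classify attachments by content rather than by extension. The following is an added example, not code from Cisco Talos or from the original article: the function names are hypothetical, and the sample message is constructed (a RAR signature plus padding, not a real archive).

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# RAR 4.x and RAR 5.x file signatures (public format constants).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Legacy multi-volume names (.r00, .r01, ...) are legitimate RAR volume
# extensions, so a filter keyed only on ".rar" does not match them.
LEGACY_VOLUME = re.compile(r"\.r\d{2}$", re.IGNORECASE)


def classify_attachment(filename: str, payload: bytes) -> str:
    """Return 'rar', 'rar-legacy-volume-ext', 'rar-mismatched-ext' or 'not-rar'."""
    if not payload.startswith(RAR_MAGICS):
        return "not-rar"
    name = filename.lower()
    if name.endswith(".rar"):
        return "rar"
    if LEGACY_VOLUME.search(name):
        return "rar-legacy-volume-ext"
    return "rar-mismatched-ext"


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Classify every attachment in a raw RFC 5322 message by content, not name."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        findings.append((name, classify_attachment(name, data)))
    return findings


def build_sample() -> bytes:
    """Constructed test message: RAR signature plus padding, no real archive."""
    msg = EmailMessage()
    msg["Subject"] = "Domestic customer inquiry"
    msg.set_content("See attachment.")
    kind = {"maintype": "application", "subtype": "octet-stream"}
    fake_rar = RAR_MAGICS[0] + b"\x00" * 32
    msg.add_attachment(fake_rar, filename="70727_YK90054_Teknik_Cizimler.R09", **kind)
    msg.add_attachment(b"plain text", filename="notes.txt", **kind)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:24} {name}")
```

Any verdict other than `rar` or `not-rar` marks an archive that an extension-only block list would let through and is a candidate for quarantine or sandbox analysis.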
Researchers advised that users never open a suspicious email and refrain from downloading or clicking on any of its attachments. Use advanced malware protection solutions, which are an alternative that protects your devices and not just email.