Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially.
Today, we publish a
paper
(
here
as a PDF) by
Sophos
researcher Gabor Szappanos, in which he studies the ‘KeyBase’ keylogger. Though the product has officially been discontinued, allegedly because of abuse by criminals, it remains widely used and spreads via
Office
exploit kits.
Gabor looks at how KeyBase exfiltrates data from a target machine and also shows what it looks like from the other side, by taking a look at the keylogger’s admin panel.
If you like this paper, make sure you also read
MWI-5: Operation HawkEye
, another paper by Gabor we published last year, in which he looks at the use of the HawkEye keylogger by cybercriminals.
Leave a Reply