
Inexperienced KeyBase Keylogger Users Infect Their PCs


Screenshot made by KeyBase keylogger

KeyBase is a fairly simple piece of malicious software that records keystrokes, sends the contents of the victim's clipboard, and regularly takes screenshots of the victim's desktop. The malware was created in February 2015 and first appeared in June last year. At that time, researchers from Palo Alto detected an unsecured server to which all the information from the keylogger victims' computers was sent.

After that, the malware author stopped developing the software and closed the site through which KeyBase was sold at a price of $50. Nevertheless, the information security specialists mentioned above found almost all the data from an unprotected keylogger server. The keylogger itself developed quickly during the period when the attacker was working on the project. There are now 295 versions of KeyBase, and the keylogger has leaked onto the network, where everyone began to use it.

The number of victims is not that large: at the moment about 933 Windows PCs are infected. But work on improving the keylogger continues, no longer by the author but by his followers, who create more and more new versions of the program, releasing thousands of different variants.
Interestingly, the folder to which screenshots are sent from the victims' computers is open, so the experts managed to obtain these images. Analysis of them showed that about 216 of the infected PCs were corporate machines, 75 were personal systems, and 134 were used both at work and at home. The remaining systems could not be identified, but a total of 933 Windows PCs are infected. However, this data comes from one of the waves of infection and is 8 months old.

Most of the infected systems are in India, China, South Korea and the United Arab Emirates. The systems infected most often belong to manufacturing, transport and logistics, and retail.



In the screenshots taken by the software, specialists saw bank account data, invoices, the contents of e-mail inboxes, social network accounts, drawings, financial documents, and much more.





Hacker, infect your PC yourself




It also turned out that during the software testing period, attackers infected their own PCs, and those screenshots are still stored on the same accessible server. Those who use the keylogger now often infect their own computers too. The screenshots from the PCs of these hapless attackers show various scripts and software, mainly tools for “script kiddies”.

Now the popularity of KeyBase is growing rapidly, and its vulnerability makes the software even more dangerous, experts say.

Source: https://habr.com/ru/post/390939/

