NavRAT logs the keystrokes on the targeted system. NanoCore can perform keylogging on the victim’s machine. Metamorfo has a command to launch a keylogger and capture keystrokes on the victim’s machine. MetaMain has the ability to log keyboard events. MenuPass has used key loggers to steal usernames and passwords. MarkiRAT can capture all keystrokes on a compromised host. Magic Hound malware is capable of keylogging. Text input fields include Spotlight, Finder, Safari, Mail, Messages, and other apps that have text fields for passwords. MacMa can use Core Graphics Event Taps to intercept user keystrokes from any text input field and saves them to text files. Machete logs keystrokes from the victim’s machine. Lokibot has the ability to capture input on the compromised host via keylogging. Lazarus Group malware KiloAlfa contains keylogging functionality. KONNI has the capability to perform keylogging. Kivars has the ability to initiate keylogging on the infected host. Kimsuky has used a PowerShell-based keylogger as well as a tool called MECHANICAL to log keystrokes. KGH_SPY can perform keylogging by polling the GetAsyncKeyState() function. KeyBoy installs a keylogger for intercepting credentials and keystrokes. Kasidet has the ability to initiate keylogging. JRAT has the capability to log keystrokes from the victim’s machine, both offline and online. InvisiMole can capture keystrokes on a compromised host. Imminent Monitor has a keylogging module. HTTPBrowser is capable of capturing keystrokes on victims. HEXANE has used a PowerShell-based keylogger named kl.ps1. The executable version of Helminth has a module to log keystrokes. Malware used by Group5 is capable of capturing keystrokes. GreyEnergy has a module to harvest pressed keystrokes. Grandoreiro can log keystrokes on the victim's machine. The FunnyDream Keyrecord component can capture keystrokes. įIN4 has captured credentials via fake Outlook Web App (OWA) login pages and has also used a. Įxplosive has leveraged its keylogging capabilities to gain access to administrator accounts on target servers. ĮvilGrab has the capability to capture keystrokes. Įmpire includes keylogging capabilities for Windows, Linux, and macOS systems. ĮCCENTRICBANDWAGON can capture and store keystrokes. ĭuqu can track key presses with a keylogger module. ĭtrack’s dropper contains a keylogging executable. ĭOGCALL is capable of logging keystrokes. ĭerusbi is capable of logging keystrokes. ĭarkWatchman can track key presses with a keylogger module. ĭarkTortilla can download a keylogging module. Ĭuba logs keystrokes via polling by using GetKeyState and VkKeyScan functions. Ĭrimson can use a module to perform keylogging on compromised hosts. Ĭobian RAT has a feature to perform keylogging on the victim’s machine. Ĭobalt Strike can track key presses with a keylogger module. Ĭlambling can capture keystrokes on a compromised host. ĬHOPSTICK is capable of performing keylogging. Ĭatchamas collects keystrokes from the victim’s machine. Ĭarbanak logs key strokes for configured processes and sends them back to the C2 server. Ĭadelspy has the ability to log keystrokes on the compromised host. īlackEnergy has run a keylogger plug-in on a victim. īandook contains keylogging capabilities. When it first starts, BADNEWS spawns a new thread to log keystrokes. īabyShark has a PowerShell-based remote administration ability that can implement a PowerShell or C# based keylogger. One of Attor's plugins can collect user credentials via capturing keystrokes and can capture keystrokes pressed within the window of the injected process. Īstaroth logs keystrokes from the victim's machine. ĪPT41 used a keylogger called GEARSHIFT on a target system. ĪPT39 has used tools for capturing keystrokes. ĪPT38 used a Trojan called KEYLIME to capture keystrokes from the victim’s machine. ĪPT32 has abused the PasswordChangeNotify to monitor for and capture account password changes. ĪPT3 has used a keylogging tool that records keystrokes in encrypted files. ĪPT28 has used tools to perform keylogging. ĪppleSeed can use GetKeyState and GetKeyboardState to capture keystrokes on the victim’s machine. Ījax Security Team has used CWoolger and MPK, custom-developed malware, which recorded all keystrokes on an infected system. Īgent Tesla can log keystrokes on the victim’s machine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |