A keylogger known as iSpy has been under close monitoring for the last few months after researchers noticed that it was in demand on the Dark Web. It is being sold for a mere $25 to $35, which is probably why it is in demand.
However, the main reason the keylogger is so much in demand is its powerful keystroke-capturing software. The keylogger is able to steal passwords, which are mainly stored in Skype conversation records and web browsers. It is also able to take pictures through the webcam and can store license-key data for various software such as Microsoft Office and Adobe Photoshop.
The security firm Zscaler ThreatLabZ notes that iSpy has been distributed through JavaScript and/or document attachments in phishing emails and some scam campaigns. The iSpy versions have been used with some expired certificates so that they look as authentic as possible when security software checks them. This means the keylogger is essentially undetected by security software, making it even more dangerous.
iSpy makes use of a loader that delivers an encrypted payload, and it is compressed through the .NET, AutoIT and Visual Basic 6.0 languages. On top of that, there are six more components, all equipped with diverse features including clipboard monitoring, RuneScape (MMO game) PIN logging, keylogging, webcam logging, screen capturing and, most notable to thieves, stealing and accessing passwords.
Zscaler ThreatLabZ analyst Atinderpal Singh said that the company had come across a new and improved version of the keylogger in the last 24 hours. The new version also included added features such as erasing the Skype chat recorder. The keylogger uses various techniques to deceive users, such as removing the Zone.Identifier flag from the alternate data stream (ADS) of the host computer. After that, it can deactivate the security warning message that pops up whenever the malware file is run.
The keylogger can also disable various antivirus software. It does this through a sub-key for the antivirus program under the registry key Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, and it then sets rundll32.exe as the debugger of that key. All the local data gathered by the iSpy keylogger goes directly to the command and control servers through the FTP, HTTP and SMTP protocols. The malware uses custom encryption prior to transferring the data.
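To check a host for the Image File Execution Options change described above, a defender can export that registry key and scan it for Debugger values. The following is an added example, not code from Zscaler or from the article; the sample export, its image names and the "suspicious"/"review" verdict labels are constructed for illustration, and the export is assumed to be already decoded to text.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

IFEO = r"\software\microsoft\windows nt\currentversion\image file execution options" + "\\"

# Constructed .reg export, already decoded to text; image names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avexample.exe]
"Debugger"="rundll32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp64.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
DBG_RE = re.compile(r'^"Debugger"="(.*)"$', re.IGNORECASE)

def debugger_exe(raw):
    """Undo .reg backslash escaping and return the debugger's file name."""
    cmd = re.sub(r"\\(.)", r"\1", raw).strip()
    path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return basename(path).lower()

def audit_ifeo(reg_text):
    """Return (image, debugger, verdict) for every per-image IFEO Debugger value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DBG_RE.match(line)
        if not (m and key):
            continue
        _, sep, image = key.lower().partition(IFEO)
        if not sep or "\\" in image:
            continue  # value is not directly under the IFEO key's <image> subkey
        exe = debugger_exe(m.group(1))
        # rundll32.exe as the debugger is the behaviour the article describes;
        # any other debugger may be legitimate tooling, so it is only listed for review.
        verdict = "suspicious" if exe == "rundll32.exe" else "review"
        findings.append((image, exe, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_ifeo(SAMPLE_REG):
        print(*finding, sep="  ")
```

An export produced by regedit or `reg export` is normally UTF-16, so decode it before passing the text to `audit_ifeo`.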
Zscaler also mentioned that the iSpy keylogger was being sold on the Dark Web under three subscription models, which ranged from 1 to 6 months, along with some annual subscriptions. The prices were $25, $35 and $45.