
Dangerous New Mass Logger Touted As Gamechanger

Security researchers from Cofense Intelligence have come across a new keylogger called Mass Logger, which they think could bring significant change to the bigger keylogger market and the phishing campaign landscape.

Data shows that keyloggers continue to grow in sophistication and popularity, making up the largest volume of unique phishing campaigns by malware type. Cofense's main concern with Mass Logger is the speed at which the malware is updated. The author, who uses the NYANxCAT pseudonym, is frequently updating the malware with patches that help it avoid security measures that might be taken against it. This also allows Mass Logger's creator to add new features in response to user feedback, increasing the malware's popularity.



Cofense says they have already identified a campaign using an attached GuLoader executable that delivers the encrypted Mass Logger binary. GuLoader has also risen to prominence as a malware delivery mechanism that's used to download encrypted payloads from legitimate file-sharing platforms. The same email that was used to distribute the Mass Logger malware was previously used for Agent Tesla keylogger campaigns, which could suggest that at least some of the cybercrooks pushing Agent Tesla have switched to using Mass Logger.

Apart from Mass Logger, NYANxCAT has created several other well-known malicious programs, AsyncRAT and LimeRAT, to name a few. NYANxCAT's malware is usually feature-rich and user-friendly, making it an easy pick for amateur threat actors. That, however, doesn't mean that some of the features NYANxCAT has incorporated into Mass Logger aren't more advanced, such as the USB spreading capability.

Speaking of functionality, NYANxCAT recently rolled out a total of 13 updates in a period of just three weeks. The patch notes revealed that the author had added new targets to the keylogger's credential-stealing functionality and improved the measures that Mass Logger takes to reduce automated detection.

Sophisticated features, such as the function that enables cybercrooks to search for specific file extensions and exfiltrate them, are what set Mass Logger apart from other common malware samples. That, coupled with the speed at which the malware is updated, is undoubtedly going to boost Mass Logger's popularity among cybercriminals.
