KeyBase Keylogger

KeyBase Keylogger Description

The KeyBase Keylogger family has been active since February of 2015. The KeyBase Keylogger has numerous features and is sold directly by its authors for $50 USD. The KeyBase Keylogger is being used against various businesses and government agencies and may be delivered by using phishing email messages containing corrupted email attachments and embedded links. There have been at least 300 hundred infected computers since February of 2015. The KeyBase Keylogger has been used to target specific industries, particularly companies in the technology, retail and higher education sectors. PC security analysts consider that the KeyBase Keylogger is threatening and may result in significant losses for targeted businesses and individuals.

Why Third Parties may Want to Acquire the KeyBase Keylogger

First observed in February of 2015, the KeyBase Keylogger is sold through an online store at the URL keybase(dot)in. The KeyBase Keylogger is distributed on various underground hacking forums and has been active for at least four months. The following features may be included in the KeyBase Keylogger attack:

  • The KeyBase Keylogger has an advanced keylogger feature. This allows the KeyBase Keylogger to track keystrokes on the infected computer, keeping track of online passwords, credit card numbers and similar data that may be used to generate revenue.
  • The KeyBase Keylogger may be very difficult to remove, in particular when running and scanning the affected computer.
  • The KeyBase Keylogger is designed to be easy to use since the KeyBase Keylogger may be sold to inexperienced hackers on these forums. The KeyBase Keylogger has a Web console that allows third parties to monitor the KeyBase Keylogger's functions and attack.
  • The KeyBase Keylogger may support various languages and keyboards and allow third parties to isolate sensitive data from the keystrokes typed on affected computers.

The KeyBase Keylogger has Increased in Popularity Substantially Since February of 2015

Although the KeyBase Keylogger is not particularly sophisticated when compared to other, similar threats, the KeyBase Keylogger has increased in popularity substantially since February of 2015. This is probably because the KeyBase Keylogger has received wide distribution and is not difficult to use for inexperienced attackers. The KeyBase Keylogger may be quite easy to detect on affected computers, and most security programs that are fully updated should be able to notice that the KeyBase Keylogger is logging keystrokes and running in the background. The KeyBase Keylogger may take screenshots and collect data that has been cut or copied into the affected computer. One reason the KeyBase Keylogger is easy to intercept and remove is that the KeyBase Keylogger does not use obfuscation or encryption when connecting to its Command and Control server. This allows PC security researchers to intercept the KeyBase Keylogger quickly and notice when the KeyBase Keylogger is establishing communications.

How the KeyBase Keylogger may be Distributed

Most KeyBase Keylogger attacks may be distributed using mass email programs. These applications, which may rely on botnets, may be designed to deliver large quantities of corrupted email messages. These may be spam email messages or phishing emails that are tailored to trick specific targets. The attack strategy is not difficult to understand, and may involve the following steps:

  1. Third parties may identify the target that has the data they want to collect.
  2. These people may then craft an email designed to con the PC user into opening an attached file or clicking on an embedded link. For example, if the targeted victim is an office, the email may try to impersonate an inter-office memo.
  3. The email may contain an embedded link or email attachment that contains the KeyBase Keylogger and installs the KeyBase Keylogger on the victim's computer when opened. These emails may contain legitimate content as well, to hide the fact that the KeyBase Keylogger is being installed in the background.

Technical Information

File System Details

KeyBase Keylogger creates the following file(s):
#  File Name             Size     MD5                               Detection Count
1  %APPDATA%Program.exe  26,785   b7f39e0b7596a2aa3ff2b52bcd7fff2a  59
2  file.exe              833,000  00cee43716a3251fa97b90705c355095  0

Registry Details

KeyBase Keylogger creates the following registry entry or registry entries:
Regexp file mask
%APPDATA%\program.exe
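
A defender-side sweep for the file indicators listed above, added here as an example (it is not code from the original article or from any vendor tool). The function names, the default scan root and the choice to report a name-only match as a weaker hit than an MD5 match are assumptions of this example.

```python
import hashlib
import os

# MD5 values copied from the "File System Details" table on this page.
PAGE_MD5S = {
    "b7f39e0b7596a2aa3ff2b52bcd7fff2a",
    "00cee43716a3251fa97b90705c355095",
}
# File names from the same table and the %APPDATA%\program.exe mask.
# "file.exe" is a very generic name, so a name-only hit needs manual triage.
PAGE_NAMES = {"program.exe", "file.exe"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, md5s=PAGE_MD5S, names=PAGE_NAMES):
    """Return sorted (path, reason) pairs for files under root that match an indicator.

    reason is "md5" for an exact content match (this also catches renamed copies)
    or "name" when only the file name matches (compared case-insensitively).
    """
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                digest = md5_of(path)
            except OSError:
                digest = None  # locked or unreadable file: fall back to the name check
            if digest in md5s:
                hits.append((path, "md5"))
            elif name.lower() in names:
                hits.append((path, "name"))
    return sorted(hits)


if __name__ == "__main__":
    # Assumption: sweep the current user's %APPDATA%, or the home directory if unset.
    root = os.environ.get("APPDATA") or os.path.expanduser("~")
    for path, reason in scan(root):
        print(f"{reason}\t{path}")
```

An "md5" hit is the strong signal; a "name" hit only says that a file with one of the listed names exists and should be checked by other means.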

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
