In July 2019, malware researchers spotted a new threat that was being advertised on hacking forums. Its name is the Phoenix Keylogger, and it is being offered as a ‘malware-as-a-service.’ One can rent the Phoenix Keylogger for as little as $14.99/month. For con artists who would like to have it for a longer period, the creators of the Phoenix Keylogger also offer $34.99/3 months and $78.99/lifetime subscriptions. This is not a very high price, and it is likely that more and more shady individuals will subscribe to the Phoenix Keylogger and spread this nasty threat.
Since its release in July, the Phoenix Keylogger has been improved greatly. Its creators have added new capabilities and improved the self-preservation features of the threat. The Phoenix Keylogger is capable of detecting whether it is being launched in a sandbox environment and halting the operation if the test is positive. However, if it is not, the Phoenix Keylogger will check the system for the presence of processes that are linked to almost one hundred anti-malware tools, and if any are registered, the threat will attempt to kill them. The authors of the Phoenix Keylogger have also made sure that the traces left after carrying out an attack have been minimized. The newest variant of the Phoenix Keylogger is capable of collecting information from:
- More than 20 Web browsers.
- A long list of FTP clients.
- A number of common mail clients.
- Several instant messaging services.
Mostly Used as an Infostealer Trojan
The operators of the Phoenix Keylogger can set up the threat so that it gains persistence on the infected system. However, it would seem that most of the individuals who are taking advantage of the Phoenix Keylogger do not bother doing this and instead use this tool as an Infostealer Trojan and try to get a maximum amount of information from the compromised host in a minimum amount of time. Then, typically, they make sure to wipe out any traces of the unsafe activity that may be left after the operation is completed. Many of the clients who have purchased the Phoenix Keylogger appear to be impressed by how user-friendly the interface of the tool is and how detailed and helpful the instructions are.
The Phoenix Keylogger is a very well-built threat, and the fact that the price tag is so low makes it that much more threatening because pretty much anyone can afford to rent and distribute this keylogger. Make sure you have downloaded and installed a legitimate anti-virus solution so that threats like the Phoenix Keylogger will never be an issue.