Security researchers at Zscaler have come across a new variant of a commercial keylogger called iSpy. This new variant not only captures a victim's keystrokes, but can also take screenshots, access the webcam, and steal user data and license keys for popular applications. We call it a commercial keylogger because it is sold under a subscription purchase model, as you can see from the image below.
According to the researchers:
Zscaler ThreatLabZ recently came across a signed keylogger campaign in our cloud sandbox. In this blog, we will provide an analysis of this malicious commercial keylogger, known as iSpy. Written in .NET 2.0, iSpy is configured for keylogging, stealing passwords and screenshots, and monitoring webcams and clipboards. It is being sold on underground forums via multiple subscription packages.
How It Works
Once the iSpy keylogger is running, it sends the captured data to a C&C server via FTP, SMTP, or HTTP protocols.
It also contains code to steal the license keys of application software, such as Adobe Photoshop, Microsoft Office, and others. It also collects saved passwords from web browsers, email clients (such as Outlook), FTP clients (like FileZilla and CoreFTP), and games like Minecraft.
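The behaviour described above (one process reading the saved-credential stores of several unrelated applications, then sending data out over FTP or SMTP) can be turned into a simple host-telemetry correlation. The sketch below is an added example, not code from Zscaler or from the original article. The event schema, store paths and sample events are assumptions constructed for illustration, and registry-based stores (Outlook, CoreFTP) are not covered.

```python
from collections import defaultdict

# Lower-cased path suffix -> (application, executables expected to read it).
# Assumed default per-user locations; adjust for your environment.
CRED_STORES = {
    r"\google\chrome\user data\default\login data": ("Chrome", {"chrome.exe"}),
    r"\filezilla\recentservers.xml": ("FileZilla", {"filezilla.exe"}),
    r"\filezilla\sitemanager.xml": ("FileZilla", {"filezilla.exe"}),
    r"\.minecraft\launcher_profiles.json": ("Minecraft", {"minecraftlauncher.exe", "javaw.exe"}),
}
# HTTP is left out: on its own it is too common to be a useful signal.
EXFIL_PORTS = {21: "FTP", 25: "SMTP", 465: "SMTP", 587: "SMTP"}

def find_stealer_candidates(events, min_apps=2):
    """Flag processes that read stores of >= min_apps applications they do not
    belong to and also open an outbound FTP or SMTP connection."""
    apps, channels = defaultdict(set), defaultdict(set)
    for ev in events:
        image = ev["image"].lower()
        exe = image.rsplit("\\", 1)[-1]
        if ev["type"] == "file_read":
            target = ev["target"].lower()
            for suffix, (app, owners) in CRED_STORES.items():
                if target.endswith(suffix) and exe not in owners:
                    apps[image].add(app)
        elif ev["type"] == "net_connect" and ev["dport"] in EXFIL_PORTS:
            channels[image].add(EXFIL_PORTS[ev["dport"]])
    return {img: {"apps": sorted(a), "channels": sorted(channels[img])}
            for img, a in apps.items() if len(a) >= min_apps and channels[img]}

# Constructed sample telemetry (not real iSpy indicators).
USER_DIR = r"C:\Users\alice\AppData"
SUSPECT = USER_DIR + r"\Roaming\updater.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
FZ = r"C:\Program Files\FileZilla FTP Client\filezilla.exe"
SAMPLE_EVENTS = [
    {"type": "file_read", "image": SUSPECT, "target": USER_DIR + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "image": SUSPECT, "target": USER_DIR + r"\Roaming\FileZilla\recentservers.xml"},
    {"type": "net_connect", "image": SUSPECT, "dport": 21},
    {"type": "file_read", "image": CHROME, "target": USER_DIR + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "net_connect", "image": CHROME, "dport": 443},
    {"type": "file_read", "image": FZ, "target": USER_DIR + r"\Roaming\FileZilla\sitemanager.xml"},
    {"type": "net_connect", "image": FZ, "dport": 21},
]

if __name__ == "__main__":
    for image, hit in find_stealer_candidates(SAMPLE_EVENTS).items():
        print(image, hit)
```

Chrome and FileZilla reading their own stores are ignored, so only the unrelated process that touches both stores and then connects out over FTP is reported.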