Malware News Fauxpersky Keylogger masqueraded as Kaspersky Antivirus and spreads via USB drives

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://securityaffairs.co/wordpress/70840/malware/fauxpersky-keylogger.html
Security researchers at Cybereason recently discovered a credential-stealing malware dubbed Fauxpersky, that is masquerading as Kaspersky Antivirus and spreading via infected USB drives.

Fauxpersky was written in AutoIT or AutoHotKey, which respectively are a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting and a free keyboard macro program to send keystrokes to other applications.

The analysis of infected systems revealed the existence of four dropped files, attackers named them as Windows system files: Explorers.exe, Spoolsvc.exe, Svhost.exe, and Taskhosts.exe.
After initial execution, the Fauxpersky keylogger gathers the listed drives on the machine and starts replicating itself to them.

“This AHK keylogger utilizes a fairly straightforward method of self propagation to spread. After the initial execution, the keylogger gathers the listed drives on the machine and begins to replicate itself to them. Let’s examine the process:” reads the analysis.
“This allows the keylogger to spread from a host machine to any connected external drives. If the keylogger is propagating to an external drive, it will rename the drive to match it’s naming scheme.”
Click to expand...
 
  • Like
Reactions: silversurfer, omidomi, ZeroDay and 7 others
D

Deleted member 65228

Andytay70 said:
I'm avoiding anything with "persky" in it now! :(
Click to expand...
Why? Kaspersky aren't involved with this except flagging it as malicious software to protect their customers.

You're using Avast according to your configuration. If a malware author were to brand something using part of the Avast name, you'd suddenly stop using it and would avoid them?

Malware authors do these things all the time, and even more common method is stealing their logos and pretending they were certified by them. Only the other day I found a scare-ware campaign attempting to infringe on Microsoft to push PUPs/PUAs.
 
  • Like
Reactions: ZeroDay and harlan4096
You must log in or register to reply here.

Similar threads

H
    • +Reputation
    • Like
    • Thanks
Guide | How To A Comprehensive Protection of USB Ports/Devices
Replies
8
Views
2,990
Guides - Privacy & Security Tips
simmerskool
simmerskool
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion Decoding the Trend Micro Components and Protection Model
Replies
24
Views
3,008
Other security for Windows, Mac, Linux
Mahesh Sudula
Mahesh Sudula
upnorth
    • Like
    • +Reputation
    • Wow
Malware Analysis PyPI Malware Creators are starting to Employ Anti-Debug techniques
Replies
0
Views
891
Malware Analysis
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top