This report is about recent malware campaigns utilizing the MassLogger trojan (written in . NET). Previously we have covered features of MassLogger in TIR-20200821. However, recent research has revealed a new variant of the malware, dubbed MassLogger v3 by Avast. The primary goal of these campaigns is credential exfiltration, targeting popular applications such as Microsoft Outlook and Google Chrome.
MassLogger v3 largely maintains similar functionality as previous versions (password recovery, USB spreading, data exfiltration via FTP/SMTP/HTTP, anti-sandbox/VM/debugger detection, etc.). Though keylogging was the main feature, it is disabled in this variant. Other changes in version 3 include increased obfuscation and defense evasion techniques, leaving fewer traces of the malware on victim hosts. Analysis of the malware from Cisco Talos Intelligence Group notes the below applications are targeted for credential exfiltration in this campaign:
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.