Fauxpersky Keylogger

A new keylogging malware has been observed. Known as Fauxpersky, it disguises itself as Kaspersky’s Internet Security anti-virus product.

Fauxpersky was developed using AutoHotKey (AHK), a simple scripting language for Windows, and is delivered via infected USB drives. Once installed, it downloads four files with names similar to Windows components: Explorers.exe, Svhost.exe, Taskhosts.exe and Spoolsvc.exe. Using an AHK function, it monitors keystrokes, writing them to a file named Log.txt before uploading it to a Google Form.

Propagation is achieved by copying itself to any connected external drives, whose volume labels are then appended with ‘Secured by Kaspersky Internet Security 2017’.
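The file names and volume-label marker described above can be turned into a simple triage check. The following is an added example, not code from the researchers or the original post; it generalises beyond the four reported names by also flagging any name within one edit of a genuine Windows binary. The list of genuine binaries, the function names and the sample inventory are assumptions made for illustration.

```python
import ntpath

# File names and volume-label marker as reported on this page (lower-cased).
REPORTED_NAMES = {"explorers.exe", "svhost.exe", "taskhosts.exe", "spoolsvc.exe"}
LABEL_MARKER = "secured by kaspersky internet security 2017"
# Assumption: genuine Windows binaries that look-alike names imitate.
GENUINE = ("explorer.exe", "svchost.exe", "taskhost.exe", "taskhostw.exe", "spoolsv.exe")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_file(path):
    """Return 'reported', 'lookalike:<genuine name>' or None for a Windows path."""
    name = ntpath.basename(path).lower()
    if name in REPORTED_NAMES:
        return "reported"
    if name in GENUINE:  # exact genuine names are not look-alikes
        return None
    for real in GENUINE:
        if edit_distance(name, real) <= 1:
            return "lookalike:" + real
    return None

def label_is_tagged(label):
    """True when a volume label ends with the marker the malware appends."""
    return label.strip().lower().endswith(LABEL_MARKER)

def triage(paths, labels):
    """Flag suspicious file paths and tagged volume labels from an inventory."""
    files = [(p, classify_file(p)) for p in paths]
    return {"files": [(p, why) for p, why in files if why],
            "volumes": [v for v in labels if label_is_tagged(v)]}

# Constructed sample inventory (not taken from a real host).
SAMPLE_PATHS = [r"C:\Windows\System32\svchost.exe", r"E:\Svhost.exe",
                r"C:\Windows\System32\taskhostw.exe", r"D:\tools\svch0st.exe"]
SAMPLE_LABELS = ["BACKUP", "DATA Secured by Kaspersky Internet Security 2017"]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_LABELS))
```

A name match alone is a lead for further inspection, since this check does not look at file location, signature or content.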

“This malware is by no means advanced or even very stealthy,” said researchers Amit Serper and Chris Black in a detailed blog post published Wednesday.

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
