
Keyboy

Posted: June 13, 2013

Threat Metric

Threat Level: 8/10
Infected PCs: 14
First Seen: June 13, 2013
Last Seen: February 20, 2020
OS(es) Affected: Windows

Recently confirmed for its attacks against Asian countries including Vietnam, China and Taiwan, Keyboy is a combination of backdoor Trojan and spyware, pairing general-purpose attacks that reduce a PC's security with functions intended for stealing information from three of the world's most popular web browsers. Although Keyboy is perfectly capable of being a threat to any casual PC user, SpywareRemove.com malware experts have observed that Keyboy's pattern of infections – distributed through carefully-targeted e-mail messages – syncs up well with the concept of Keyboy attacking specific industry companies and government agencies. A good combination of self-education on internet safety and updating your software will block Keyboy's current infection vectors, and at least half of all major anti-malware brands have developed definitions for removing Keyboy from your computer.

How an E-mail Unlocks All of Your Private Info

Keyboy, named for one of the text strings found in some of its earliest-analyzed samples, continues the general theme of backdoor Trojans being used for espionage against corporations and government institutions alike, with many attacks targeting educational facilities and employees of telecommunications companies. Like most attacks of this kind, Keyboy's attacks begin with e-mail messages designed to include content that appeals to the reader. Opening an enclosed file attachment subjects the PC to an old (but still effective) exploit that installs Keyboy automatically.

Patching Microsoft Office software is the easiest method of preventing Keyboy's exploits from taking place, and is, regardless, recommended by SpywareRemove.com malware researchers as a standard security measure. Examples of other PC threats that also use similar installation techniques to Keyboy include Backdoor.Makadocs, BKDR_PLUGX.SME, BKDR_POISON.DOC, Enfal and most document-based Trojan droppers (like TROJ_ARTIEF.JN).

Having successfully infected your computer, Keyboy will attempt to steal information directly from Internet Explorer and Firefox, including login details like passwords. However, before Chrome fans start to feel safe, it should also be stressed that Keyboy installs a second component – a specialized keylogger – that also steals information from Chrome.

Shutting Your Computer Door to Keyboy's Pilfering

Despite its competence at stealing information, Keyboy shouldn't be thought of as just spyware since Keyboy also includes functions that SpywareRemove.com malware researchers warn can be used for other attacks. These attacks can include installing other malware, uploading files from your computer, issuing commands to your PC from a remote server and similar backdoor-based security issues.

Based on past statistics gathered by SpywareRemove.com malware analysts, opening an unusual e-mail attachment is probably one of the quickest ways to infect your PC, and Keyboy is not kind enough to display symptoms to indicate its presence. You should act to remove Keyboy as quickly as possible, but doing so without appropriate anti-malware tools runs the risk of failing to delete all of Keyboy's components... or other PC threats installed by Keyboy.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 262.14 KB (262144 bytes)
MD5: 23d284245e53ae4fe05c517d807ffccf
Detection count: 97
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 21, 2017

File name: CREDRIVER.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file