Kutaki Keylogger

Posted: August 18, 2020

The Kutaki Keylogger is a relatively unpopular threat in the world of cybercrime, but different cybercrime groups and threat actors are still actively propagating it. The keylogger also doubles as an infostealer, since it has some data theft functionality embedded in its code. The malware appears to be propagated exclusively via fake email attachments, and it may often try to present itself as a legitimate application. Analysis of some of Kutaki Keylogger's payloads revealed that its operators embedded the threatening program in a legitimate application installer: the backdoored installer deploys the keylogger's files while the user is presented with the legitimate program installer in the foreground. In other cases, the fake emails contained a Microsoft Office attachment that used specialized macro scripts to exploit vulnerabilities in the Office software and deploy the Kutaki Keylogger.

A Simple Keylogger Still Boasts the Ability to Detect and Evade Virtual Environments

The Kutaki Keylogger is by no means an advanced project, but its creators have made sure to include some basic anti-debugging and anti-VM (Virtual Machine) techniques. As soon as the Kutaki Keylogger is launched, it looks for specific Registry keys whose values may signal that the operating system is hosted on a virtual machine. It also looks for specific DLL files and processes known to be used by some of the popular virtualization software. If any of these inspections turns out positive, the Kutaki Keylogger ceases its execution.
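For analysts running samples in a sandbox, the probe-then-quit behaviour described above can be flagged from process telemetry. The following is an added example, not code from this page or from any vendor: the event schema, the threshold and the marker strings (generic, widely published VM guest artifacts) are assumptions, since the page does not list what Kutaki actually checks.

```python
from collections import defaultdict

# Assumption: widely published VM guest artifacts, used as generic examples.
# The page does not list the keys, DLLs or processes Kutaki actually checks.
VM_MARKERS = {
    "reg_query": ("vmware tools", "virtualbox guest additions"),
    "file_probe": ("vboxhook.dll", "sbiedll.dll"),
    "proc_lookup": ("vmtoolsd.exe", "vboxservice.exe"),
}
EXIT_WINDOW = 10.0  # max seconds from last probe to exit (hypothetical threshold)

def find_vm_probing(events, min_kinds=2):
    """Return {pid: verdict} for processes that touched VM artifacts of at
    least `min_kinds` different kinds; note whether they exited right after."""
    probes = defaultdict(dict)  # pid -> {kind: ts of latest matching probe}
    exits, images = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid = ev["pid"]
        images.setdefault(pid, ev["image"])
        if ev["kind"] == "exit":
            exits[pid] = ev["ts"]
            continue
        target = ev["target"].lower()
        if any(m in target for m in VM_MARKERS.get(ev["kind"], ())):
            probes[pid][ev["kind"]] = ev["ts"]
    findings = {}
    for pid, kinds in probes.items():
        if len(kinds) < min_kinds:
            continue  # a single touch is common for benign inventory tools
        last = max(kinds.values())
        quit_early = pid in exits and 0 <= exits[pid] - last <= EXIT_WINDOW
        findings[pid] = {"image": images[pid], "kinds": sorted(kinds),
                         "exited_after_probe": quit_early}
    return findings

# Constructed sample telemetry (not captured from a real infection).
SAMPLE = [
    {"ts": 1.0, "pid": 4120, "image": "invoice_setup.exe", "kind": "reg_query",
     "target": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"ts": 1.2, "pid": 4120, "image": "invoice_setup.exe", "kind": "file_probe",
     "target": r"C:\Windows\System32\vboxhook.dll"},
    {"ts": 1.4, "pid": 4120, "image": "invoice_setup.exe", "kind": "proc_lookup", "target": "vmtoolsd.exe"},
    {"ts": 2.5, "pid": 4120, "image": "invoice_setup.exe", "kind": "exit"},
    {"ts": 3.0, "pid": 5312, "image": "inventory_agent.exe", "kind": "reg_query",
     "target": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
]

if __name__ == "__main__":
    print(find_vm_probing(SAMPLE))
```

A process that probes several artifact kinds and then exits within seconds is worth re-running on a hardened or bare-metal analysis host, where the sample would proceed to its main module.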

If the implant determines that there is no virtualization software involved, it will proceed to deploy its components and run the main module. The threat is able to fetch additional payloads to run, and it has the following data-collection capabilities:

  • It can collect data from popular Web browsers like Firefox, Google Chrome, Internet Explorer, Microsoft Edge, and various browsers based on the Gecko or Chromium projects.
  • It can log keystrokes and mouse clicks.
  • It can hijack the clipboard data.
  • It can grab screenshots of the desktop or active window.
  • It can access the computer's microphone and record audio.

Other keyloggers and infostealers can be much more advanced, but Kutaki Keylogger's limited features are more than enough to cause tremendous damage if the infection is not caught in time. The operators may gain access to private conversations, sensitive data and more. It is best to keep your system safe by using an up-to-date anti-malware application, as well as learning not to interact with suspicious files from the Internet.