MassLogger

MassLogger is a threatening monitoring utility that cybercriminals might try to plant on systems that they want to extract information from. As the name MassLogger suggests, the primary purpose of the tool is to serve as a keylogger that can allow a remote criminal to see the keystrokes that the victim uses. However, MassLogger also supports additional modules that can enable it to engage in infostealing operations – it is able to collect files and data associated with the following software:

• Web browsers like Yandex, Firefox, Chrome, Opera and Chromium-based browsers.
• Messaging services/software like Discord, Telegram, QQ and Pidgin
• VPN clients.
• FTP clients like FileZilla.
• Various email clients.

MassLogger is Being Sold to Crooks Worldwide

It is important to add that MassLogger is not being used by a specific threat actor and, instead, it is being sold as a product – the authors use the name handle 'NYANxCAT' and sell licenses for MassLogger on the public vSell platform. According to the purchase page, any cybercriminal can pay for MassLogger's Server and Client by choosing one of the plans that start at $25. This makes MassLogger a product exceptionally threatening since any crook could integrate it in their next attack.

A screenshot from MassLogger's panel shows one interesting feature called 'USB spread' – this means that if a USB stick is connected to a computer infected with MassLogger, the threatening program might copy its files to it, therefore allowing it to infect even more systems.

It is likely that the cybercriminals that use MassLogger will opt to rely on various propagation techniques to reach more users –spam emails, phishing, social media spam, fake downloads, torrent, software, game cracks, etc. It is recommended to avoid engaging with suspicious online content, as well as invest in a trustworthy anti-malware solution.