Expert Insight On New Phoenix Keylogger Tries To Stop Over 80 Security Products To Avoid Detection

By   ISBuzz Team
Writer , Information Security Buzz | Nov 21, 2019 08:04 pm PST

A new keylogger called Phoenix that started selling on hacking forums over the summer has now been linked to more than 10,000 infections, researchers from Cybereason said today in a report. Released in July on HackForums, the Phoenix Keylogger is a new threat that has slowly gained a following on the malware scene.New malware distribution campaigns are being spotted every few weeks, according to threat intelligence shared on Twitter.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Eoin Keary
Eoin Keary , CEO and Cofounder
November 22, 2019 4:06 am

The Phoenix keylogger is advanced and production quality. It can not only log keystrokes, but also capture screenshots. This could be used to defeat multi-factor authentication schemes.

It leverages a CVE CVE-2017-11882, which is a Microsoft office vulnerability relating to Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016, and allows an attacker to run arbitrary code. The risks posed by this vulnerability make a good argument for patching and maintaining current versions of internal systems and software.

The malicious software is available to buy for $14.99 per month of $78.99 for a lifetime subscription. The quality of this malware is a true depiction of the maturity of the malware marketplace.

It is recommended to maintain patching on internal machines and systems in order to help prevent infection. This malware also exfiltrates data via Telegram/FTP/SMTP protocols, which organisations may considered to block at the corporate firewalls from certain systems. Alternatively, stateful rules could be applied as a preventative measure.

Last edited 4 years ago by Eoin Keary

Recent Posts

Would love your thoughts, please comment.x