Keylogging tools to steal personal and financial information from victims are available as a “service” from a site known as PrivateRecovery, which offers the tools for just $25 to $33 a month, according to a list of leaked records which offers an insight into the black market for keyloggers.
PrivateRecovery’s keylogger is often sent to victims disguised as a screensaver, but site users attempt to scam victims into opening it via methods including online dating scams, where the malware is delivered as a “picture” of their beloved, after a long online courtship.
Many users of PrivateRecovery appear to be “Nigerian 419 scammers”, according to security expert Brian Krebs, who was forwarded a list of around 3,000 users of the site by an unnamed contact he described as a Gray Hat hacker.
“The site was so poorly locked down that it also exposed the keylog records that customers kept on the service,” Krebs said. “Logs were indexed and archived each month, and most customers used the service to keep tabs on multiple computers in several countries. A closer look at the logs revealed that a huge number of the users appear to be Nigerian 419 scammers using computers with Internet addresses in Nigeria.”