Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials
Keyloggers record keystrokes to steal passwords, messages, and other sensitive data, making them a serious risk to account security and privacy.
Search across headline titles and summaries.
Background for this topic.
Keylogger is software, firmware, or a physical device that records keyboard input, often covertly, and stores or transmits it to another party. In security reporting, the term usually means an unauthorized surveillance or credential-theft tool, although legitimate monitoring tools can use similar techniques with authorization. Captured text may include passwords, recovery codes, messages, and sensitive business data.
Keyloggers matter because they target the endpoint and input process: malware may be installed through phishing or malicious software, while hardware versions require physical access. They may expose passwords or one-time codes entered on an infected device. Defenses include endpoint monitoring, application control, least privilege, timely patching, and inspection of unfamiliar USB or keyboard hardware. If suspected, isolate the device, preserve evidence, reset credentials from a clean device, revoke sessions or tokens, and assess what information was entered.
Weekly headline count for the current query.
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials
Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024
CVE-2017-11882 in discontinued Equation Editor still attracting keylogger campaigns despite software being killed off in 2018 Very few people are immune to the siren song of nostalgia, a yearning for a "better time" when this was all fields and kids respected their elders - and it looks like cyber criminals are no exception.…
Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
DeepSeek Comes Very Close to Producing a Keylogger and RansomwareSecurity researchers used the Chinese DeepSeek-R1 artificial intelligence reasoning model to come close to developing ransomware variants and keyloggers with evasion capabilities. The model needs prompt engineering and its output requires code editing.
It might need polishing, but a useful find for any budding cybercrooks out there DeepSeek's flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker with it a little.…
Sly like a PRC cyberattack A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients' computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers.…
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain
Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy itself, adding an extra layer of obfuscation to help it slip past detection.…
A new Snake Keylogger variant, responsible for over 280 million blocked infection attempts worldwide, has been identified targeting Windows users
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. [...]
Malware logs users' keystrokes, pilfers credentials, exfiltrates data Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots.…
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla
New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RATThreat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.