iSpy Keylogger sold on dark web for $25 found targeting passwords, webcams and Skype

Security researchers have uncovered a new keylogger dubbed iSpy put up on sale on the dark web for as little as $25. Unlike other traditional keyloggers, iSpy is capable of not just monitoring and tracking users' keystrokes, but can also take control over a device's webcam, steal passwords, take screenshots and more. The malware was found being sold on underground forums through "multiple subscription packages".

Security researchers at Zscaler ThreatLabZ uncovered the iSpy keylogger's campaign and found that the malware was also capable of recording Skype chats and stealing licence keys for software such as Microsoft Office and Adobe Photoshop. Researchers found that the malware was distributed via spam email campaigns, which came with malicious JavaScript or document attachments.

Zscaler ThreatLabZ researchers said: "Written in .Net 2.0, iSpy is configured for keylogging. iSpy has many customisable features (Figure 6) including the functionality to record keystrokes, recover passwords, and retrieve serial keys from various software, then sending the stolen data over SMTP, HTTP, or FTP. It also has a web panel that helps the attacker to monitor the activity of iSpy infections."

The malware also incorporates various obfuscation techniques, including deleting an infected system's "Zone.Identifier' flag from Alternate Data Stream (ADS) to disable the security warning message that is displayed every time the malware file is executed."

Additionally, iSpy has been designed to disable antivirus on infected systems. In efforts to evade detection, iSpy uses customised encryption to encrypt all stolen data, before passing it along to its C&C (command and control) servers.

"Commercial keyloggers are general-purpose data stealing tools used by criminals to collect as much data as possible about a victim. There are many commercially available keyloggers in the underground market and, unfortunately, using them is fairly easy, requiring little technical knowledge. In spite of the increased use of specialized tools, the keylogger remains a common, and quite potentially damaging, tool," the researchers said.

iSpy is currently being sold on the dark web via three different subscription models, one of which allows criminal elements to lease the malware for specific time periods. The malware developers are also offering a monthly, bi-year and yearly subscriptions, ranging in prices of $25, $35 and $45 each.

"Overall, we are seeing a rise in malicious activity involving commercial keyloggers, which makes it very easy for a naive user with malicious intent to conduct successful attacks," said Deepen Desai, director of security research at Zscaler, Threatpost reported.