I published the following diary on isc.sans.edu: “Simple Powershell Keyloggers are Back”:
PowerShell is a very nice language in Windows environments. With only a few lines of code, we can implement nice features… for good or for bad!
While hunting, I found a bunch of malicious PowerShell scripts that implement a basic (but efficient) keylogger. The base script is always the same but contains connection details modified by script kiddies. The current script is based on an old one from 2015. This time, it has been modified to add the following features…