Warning: Fauxpersky malware poses as Kaspersky antivirus

Costea Lestoc By: Costea Lestoc
2 minute read
Fauxpersky keylogger

As you can already imagine, this new malware is called Fauxpersky for a reason. It seems to impersonate Kaspersky which is the famous Russian antivirus software. Fauxpersky was recently discovered, and it seems to be a keylogger malware that has been infecting systems.

Researchers say that the bug is not too advanced, but unfortunately, it’s highly efficient at stealing your passwords and sending it straight to a cyber criminal’s inbox.

Fauxpersky’s origins

This keylogger was built off AutoHotKey which is a popular app that allows users to write tiny scripts for automating tasks and afterwards compile them into executable files.

The app was forced by hackers to build a keylogger which is now spreading its tentacles via USB drives and keeps infecting systems running Windows. It also has the ability to replicate on the system’s listed drives.

Researchers who found the issue, Amit Serper and Chris Black, wrote a detailed blog post that got published on Wednesday, March 28 in which they address the exact means through which Fauxpersky works its way into systems.

AutoHotKey (AHK) allows users to write code (in its own scripting language) that interacts with Windows, reads text from Windows and sends keystrokes to other applications, among other tasks. AHK also allows users to create a ‘compiled’ exe with their code in it. Now if you’re an attacker reading this, you probably realize that AHK is great to use for writing simple and highly efficient credential stealers. And what do you know? We found a credstealer written with AHK that masquerades as Kaspersky Antivirus and spreads through infected USB drives. We’ve named it Fauxpersky.

Fauxpersky’s modus operandi

Fauxpersky malware

Researchers also said that even if this malware is not exactly advanced, it still manages to be quite dangerous because it infects USB drives and gets data from the keylogger via Google and sends it to the attacker’s inbox.

After the bug’s core file are running, everything that is being typed on a system is recorded into a text file with the window’s name so that the attacker can have a better understanding of the text’s content. The data gets out of the system via a Google Form and heads to the attacker’s inbox, and the file gets deleted from the disk.

Google took the malicious form down

After the researchers have reported the form to Google, the company took it down immediately and did not comment anything on this matter.

We don’t know how many systems have been infected, but considering that it spreads via sharing USB drives, it might not have reached that many computers.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

Discussions

Next up

Update KB4470200 blocks problematic Insider build on Nuvoton PCs

Giles Ensor avatar. By: Giles Ensor
2 minute read

The cumulative update KB4470200 for Windows 10 Fast Ring has just launched in the November Patch Tuesday roll out, and it packs two important fixes. Grab […]

Continue Reading

Download KB4467697, KB4467703 to fix high CPU usage issues

Giles Ensor avatar. By: Giles Ensor
2 minute read

We continue our Patch Tuesday series. Two more updates for you in this article – KB4467697 and KB4467703, which both are an attempt to fix an issue […]

Continue Reading

Windows 10 KB4467708, KB4464455 fix black screen and camera issues

Giles Ensor avatar. By: Giles Ensor
3 minute read

In this article, we are going to be talking about two November 2018 Patch Tuesday updates – KB4467708 and KB4464455. Both these updates are quality improvement […]

Continue Reading