Even low-skilled threat actors could use the newly emerged malware-as-a-service (MaaS) called ‘DuckLogs,’ which gives them access to various modules to steal data, log keystrokes, and remotely control the compromised network.
Researchers explained that the DuckLogs MaaS is a web-based platform that claims to have thousands of malicious clients paying subscription fees to create and launch over 4,000 malware families. DuckLogs’ operators also offer additional services to some clients to help them spread payloads through a file-dropping tool and a file extension changer.
According to the web panel of the DuckLogs MaaS, the service has over 2,000 malicious subscribers and counts about 6,000 victims.
Based on an analysis, DuckLogs mainly consists of an info-stealer and a remote access trojan (RAT), although it is built from over 100 separate modules for specific applications. The info-stealing component targets numerous kinds of data and applications, including hardware and software details, local disk files, and web browser cookies.
The RAT component, on the other hand, can fetch files from the operators’ remote C2 server, display a crash screen, lock, shut down, restart, or log out of the computer, or open web links in the victim’s browsers.
Some significant modules of the DuckLogs MaaS include a keylogger, a clipper for cryptocurrency hijacking, and a tool to take screenshots. The malware platform also offers Telegram channel notifications, encrypted logs and communications, code hiding, and more.
Its malicious users can also choose from evasion features, such as Windows Defender exclusion, Task Manager disablement, or payload execution delay.
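A defender-side check for two of the evasion features listed above, as an added example that is not from the researchers' analysis or from DuckLogs itself: it scans process command lines for Windows Defender exclusion changes and Task Manager disablement. The page does not say how DuckLogs implements these features, so the patterns assume the standard Windows mechanisms (`Add-MpPreference`, the Defender `Exclusions` registry key, the `DisableTaskMgr` policy value); the host names and log lines are constructed.

```python
import re

# Assumption: standard Windows mechanisms for these features; the page does
# not describe DuckLogs' own implementation.
RULES = [
    ("defender_exclusion_cmdlet", re.compile(
        r"\b(?:Add|Set)-MpPreference\b.*-Exclusion(?:Path|Extension|Process)\b", re.I)),
    ("defender_exclusion_registry", re.compile(
        r"\breg(?:\.exe)?\s+add\b.*\\Windows Defender\\Exclusions\\", re.I)),
    ("task_manager_disabled", re.compile(
        r"\breg(?:\.exe)?\s+add\b.*\\Policies\\System\b.*\bDisableTaskMgr\b.*/d\s+1\b", re.I)),
]

# Constructed (host, command line) pairs, e.g. from process-creation logging.
SAMPLE_EVENTS = [
    ("WS-01", r'powershell.exe -NoP -Command "Add-MpPreference -ExclusionPath C:\Users\Public"'),
    ("WS-01", r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f'),
    ("WS-02", r'r^eg a^dd "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v C:\Temp /t REG_DWORD /d 0 /f'),
    ("WS-03", r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f'),
    ("WS-04", r'powershell.exe Get-MpPreference'),
]

def normalize(cmd):
    # Strip cmd.exe carets, PowerShell backticks and quotes, then collapse whitespace,
    # so trivially obfuscated command lines still match.
    return re.sub(r"\s+", " ", re.sub(r"[\^`\"']", "", cmd)).strip()

def scan(events):
    """Return {host: sorted rule names} for command lines that match a rule."""
    hits = {}
    for host, cmdline in events:
        cmd = normalize(cmdline)
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.setdefault(host, set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}

def high_priority(findings):
    """Hosts showing both a Defender exclusion and Task Manager disablement."""
    return sorted(host for host, names in findings.items()
                  if "task_manager_disabled" in names
                  and any(n.startswith("defender_exclusion") for n in names))

if __name__ == "__main__":
    findings = scan(SAMPLE_EVENTS)
    print(findings, high_priority(findings))
```

A single match can be legitimate administration; the two features appearing together on one host is the stronger signal.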
As for the platform’s infection vector, it is commonly spread through phishing messages or email spam. Thus, people are warned to avoid clicking links from suspicious messages and immediately delete them from their inboxes.
It is also important to avoid downloading software or applications from pirate or third-party sites since malicious actors could also use them to spread malware. Furthermore, ensure that computers are updated with the latest security patches to bolster protection against such threats.