More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service
operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer
Cyble researchers discovered that DuckLogs features an info-stealing component aimed at exfiltrating hardware and software information, browser-stored account credentials and cookies, local disk files, data from messaging apps, Outlook and Thunderbird emails, FileZilla and TotalCommander data, CrypticVPN, OpenVPN, NordVPN, and ProtonVPN data, Steam, Minecraft, Battle.Net, and Uplay accounts, and Metamask, Exodus, Coinomi, Atomic, and Electrum cryptocurrency wallets.
DuckLogs also has a remote access trojan component that could facilitate the execution of files retrieved from the command-and-control server. More than 100 other modules supporting keystroke logging and a clipper have also been found in DuckLogs, which could also evade Windows User Account Control.
Spam and phishing emails are the likely initial infection vectors leveraged by threat actors using the DuckLogs malware in their attacks, said the report.