Posted On 22 Jan 2020

A new malware package named Phoenix is gaining much popularity with cyber criminals. The package can be used for keylogging, information procurement including sensitive and financial data. The package costs $14.99 per month and it does not require a high level of computer expertise in order to use it.

It is thought that the package has already been used to steal passwords, data and screen captures from around 10,000 victims worldwide in the past four months, and it is predicted that it will greatly expand in future.

The package is sold on the dark web and even has a full help network available. It is difficult to monitor its effects as it hides its malware within Word or Excel files, and stores stolen data in computer memory rather than writing on a disk and directly sends it back to the attacker. It is also known to use antivirus software as a Trojan horse for gaining access to computers.

What makes Phoenix particularly dangerous is that anyone can buy it, set it to run, and then just wait for the stolen data to flood back. The package checks through a computer under attack and will disable functions that might help block it, such a system restore. It then logs keystrokes, for example of passwords, and matches them to applications, returning the information to the criminal.

As with all forms of cyberattack, the best thing to do is to ensure that your defenses are robust, i.e., use the best antivirus/malware software you can afford, and keep it fully up-to-date at all times.