Operation M00nD3V Logger
A data stealer was discovered being sold on underground forums named "M00nD3V Logger''. The Trojan searches for a range of information on the victim's machine including keystrokes, clipboard data, screenshots, video, and credentials from web browsers. The malware exfiltrates the information to the actor's command and control server over alternative protocols including SMTP and FTP. The malicious software is delivered either in malicious attachments or compromised websites and uses various techniques for defense evasion including obfuscation and image file execution options injection.