VXer turns to ancient freemium model to flog keylogger, malware tools

Malware has been spotted using the freemium model more than 30 years after it was introduced.

PhishMe malware researcher Paul Burbage (@hexlax) spotted the revitalised model in a keylogger sold as a freemium public download and as a US$55 full version purchase.

The Viotto Keylogger is the offensive security tool designed by a self-described eponymously named security and malware researcher and consultant.

Viotto, 26, of Italy, according to his biography, has designed crypting tools used to obfuscate malware, a binder to unify files under a single executable, and the Poseidon Mailer spam client.

He's also active on security forums opensc.ws and hackhound.

Whether Viotto is a criminal black- or grey-hat may be up for debate, since keyloggers are legitimate penetration testing tools, but the author falls solidly into the former category for pushing spam and malware obfuscation tooling.

Burbage says the freemium keylogger was spotted in active FedEx spam campaigns.

"The recent sighting of the freely available Viotto Keylogger in the wild reminds us that cybercrime has a low barrier to entry and that tools built years ago continue to be used to exploit unsuspecting users," Burbage says.

"For this particular campaign, [a] suspicious email had an ARJ archive attachment, which contained a Windows PE32 executable."

The keylogger is poorly built, however, and leaks the email and FTP credentials of attackers who use it. Burbage says the credentials can be easily plucked from the application’s process memory.

He has uploaded Yara rules to help administrators detect the threat. ®