Keylogging is the malicious practice of covertly capturing the keyboard input of a target user. It is carried out by malware that steals account credentials and passwords from its victims.
The Radium keylogger is a recent example of a potent tool that attackers can use to steal passwords and other sensitive information typed by the user. The program is written in Python, a language that is popular among computer criminals.
Radium logs both the active applications and the keystrokes. It can also take screenshots of the user's activity, like the CloudFanta malware. Radium records the drive tree structure and, when configured by the attackers, sends its logs by email. It can also recover the stored passwords of the following programs and services: Chrome, Mozilla, Filezilla, Core FTP, CyberDuck, FTPNavigator, WinSCP, Outlook, Putty, Skype and generic network access.
Radium can also steal cookies and gather specific system information: the internal and external IP addresses, the output of ipconfig, and the platform (system architecture).
- Application and keystroke logging
- Screenshot logging
- Drive tree structure
- Log sending by email
- Password recovery for
  - Core FTP
  - Generic Network
- Cookie stealer
- Keylogger stub update mechanism
- Gather system information
  - Internal and external IP
  - Ipconfig /all output
- Download the libraries if you are missing any.
- Set the Gmail username and password, and remember to check "allow connection from less secure apps" in the Gmail settings.
- Set the FTP server. Create a folder named Radium in which you'll store the new version of the exe.
- Set the FTP IP, username and password.
- Remember to encode the password in base64.
- Set the originalfilename variable in copytostartup(). This should be equal to the name of the exe.
- Build the exe with PyInstaller.
- Keylogs are mailed after every 300 keystrokes. This can be changed.
- A screenshot is taken after every 500 keystrokes. This can be changed.
- Remember: if you build this into an exe, change the variables "originalfilename" and "coppiedfilename" in the function copytostartup().
- Remember: whatever name you give to "coppiedfilename" should also be given to checkfilename in deleteoldstub().
Things to work on
- Taking screenshots after a fixed time interval, making them independent of the keystroke count.
- Webcam logging
- Skype chat history stealer
- Steam credential harvester