Security News > 2022 > December > New DuckLogs malware service claims having thousands of ‘customers’
A new malware-as-a-service operation named 'DuckLogs' has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host.
It claims to have thousands of cybercriminals paying a subscription to generate and launch more than 4,000 malware builds.
Cyble's malware researchers caught the DuckLogs malware and published a technical analysis of their findings.
DuckLogs includes mainly an information stealer and a remote access trojan component but it has more than 100 individual modules that target specific applications.
Cyble researchers say that the malware also supports Telegram notifications, encrypted logs and communication, code obfuscation, process hollowing to launch payloads in memory, a persistence mechanism, and a bypass for the Windows User Account Control.
The web-based panel is currently available on four clearnet domains and appears to provide powerful payload-building features with options for the modules and functions to be added to the final malware build.