MAAS VIP_Keylogger Campaign
Essential information
- Published
- 16/03/2026 10:51
- Modified
- 16/03/2026 11:21
- Tags
- 2026-03-16 browser-targeting process-hollowing spear-phishing vip_keylogger
- Related entities
- 5 observables, 7 techniques (mitre), 1 malware, 3 others
Description
A sophisticated keylogger campaign has been discovered, utilizing spear-phishing emails with attachments containing hidden malware. The campaign targets multiple countries, employing various packaging styles and execution methods. The malware, known as VIP_Keylogger, is delivered using steganography and process hollowing techniques. It focuses on stealing sensitive information from browsers, email clients, and other applications. The keylogger captures browser data, decrypts passwords, and exfiltrates information through multiple channels, including email. While some features appear disabled, the malware demonstrates advanced capabilities in data theft and evasion techniques.