DuckLogs: A MaaS menace to watch out for

DuckLogs is a malware-as-a-service (MaaS) operation that gives unskilled attackers easy access to multiple modules for information theft, keystroke logging, clipboard data access, and remote access to the compromised host. First seen in 2020, DuckLogs is only accessible online and claims to have thousands of online criminals as subscribers, who generate and distribute more than 4,000 malware builds.

The great majority of DuckLogs malware contains components related to information theft and remote access trojans (RATs). The infection is most often propagated through spam or phishing emails. The info-stealer component is composed of more than 100 different modules and primarily targets messaging applications, emails, web browsers, VPN account data, passwords, cookies, login data, history, and cryptocurrency wallets.

The RAT component retrieves files from the C2 server and then provides methods that allow the host to run those files. It can also lock the device, display a crash screen, cause the system to shut down and restart, or open URLs in the browser. This malware is designed to steal sensitive information from infected devices, including credit card numbers, usernames, passwords, and other private data.

The DuckLogs web panel offers extensive functionality, including building the malware programme, monitoring, and retrieving the victims’ stolen logs. Along with features for creating payloads, it gives threat actors options to include additional modules and functionality in the complete malware package.

DuckLogs has primarily targeted sectors such as financial services, healthcare, retail, government, and technology in nations including the United States, the United Kingdom, Germany, France, Italy, Canada, Australia, and Japan.
