How Malware Is Created with AutoHotKey
A lot of research has been conducted on how malware is created with AutoHotKey (AHK), a scripting-language tool for Microsoft Windows. AHK can communicate with the local file system, apps, and scheduled tasks, and it can operate inside third-party software packages. Moreover, AHK's scripting language is simple enough for amateurs to understand.
Because of this ease, gamers have been using AHK to make cheating tools to advance in their games. That side of the matter is not a big deal; however, others have been trying to use the language for malicious purposes such as hacking. Accordingly, many believe that this method could hold strong potential in the hacking world, as seen in the Cybereason and Ixia reports.
The Ixia research team mentions in its report that AHK malware investigated at the end of February was intended to mine cryptocurrency, as can be seen in the clipbanker case. It operates by waiting for any action in your clipboard and substituting the contents with a malicious address for you to visit for cryptocurrency mining purposes. Such a script can be used to make you send money to false addresses.
Having summarized the Ixia report, we now turn to the report published by Cybereason. Its staff found a connection between Kaspersky Antivirus and a keylogger scripted in AHK. The researchers also described a piece of malware called Fauxpersky that, upon infection, collects the set of drives and copies itself to them in order to propagate through the connected devices. The keylogger is also capable of renaming the drives to match its naming scheme: the original name, the size, and a string. Moreover, it is capable of placing an autorun.inf installer to launch a script that steals personal data. By using Google Forms, the hackers are able to manipulate the command-and-control server. In the end, the research team summarized its findings as follows:
“This malware is by no means advanced or even very stealthy. Its authors didn’t put any effort into changing even the most trivial things, such as the AHK icon that’s attached to the file. However, this malware is highly efficient at infecting USB drives and collecting data from the keylogger, exfiltrating it through Google Forms and depositing it in the attacker’s inbox,”
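A defender triaging a removable drive after the kind of infection described above can start with the autorun.inf file. The following is an added example, not code from the Cybereason report or from this article: it parses an autorun.inf and lists the entries that launch a program or script. The sample content, the file names in it and the extension list are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a program or command to start.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Assumed list of extensions worth a second look on removable media.
RISKY_EXT = {".exe", ".ahk", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".scr"}

# Constructed sample, not taken from any real drive or report.
SAMPLE = """\
; constructed autorun.inf
[AutoRun]
label=Backup
icon=drive.ico
open=launcher.exe
shell\\open\\command="tools\\helper.ahk" /quiet
[Other]
open=ignored.exe
"""

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def command_target(value):
    """Extract the file a command line starts, honouring a quoted path."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def launch_findings(text):
    """List (key, target) pairs that start a file with a risky extension."""
    findings = []
    for key, value in parse_autorun(text).items():
        target = command_target(value)
        if LAUNCH_KEYS.match(key) and PureWindowsPath(target).suffix.lower() in RISKY_EXT:
            findings.append((key, target))
    return findings

if __name__ == "__main__":
    for key, target in launch_findings(SAMPLE):
        print(f"review: {key} -> {target}")
```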
Despite the Growth of AHK Malware, Python and PowerShell Still Dominate
According to Dr. Bontchev, a very experienced security researcher, AHK is weak and will not be as strong as AutoIt, which has been used as the default language by amateur hackers. He added that Python and PowerShell are more advanced and that it would take a lot of effort to mimic their scripting style. Although other languages dominate more than AHK, do not forget that AHK is open source and can be shielded from detection.