Keylogging is the malicious action of spying on the keyboard input of a target user. This is done in secret by malware applications that steal account credentials and passwords from the victims.

The Radium keylogger is a recent example of a potent solution that can be used by hackers to steal passwords and other sensitive information typed by the user. The program is written in the Python programming language, which is popular among computer criminals.

Radium can spy on both applications and keystrokes. In addition, it can take screenshots of the user’s actions, like the CloudFanta malware. Radium uses a drive tree structure and can send the logs by email when configured by the hackers. It can also steal the stored passwords of the following programs and services: Chrome, Mozilla, Filezilla, Core FTP, CyberDuck, FTPNavigator, WinSCP, Outlook, Putty, Skype and generic network access.

Radium can also steal cookies and gather specific system information: the internal and external IP, the output of ipconfig and the platform (system architecture).

Features

Applications and keystrokes logging

Screenshot logging

Drive tree structure

Logs sending by email

Password recovery for: Chrome, Mozilla, Filezilla, Core FTP, CyberDuck, FTPNavigator, WinSCP, Outlook, Putty, Skype, Generic Network

Cookie stealer

Keylogger stub update mechanism

Gather system information: internal and external IP, ipconfig /all output, platform
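
The features above give defenders a set of behaviours to correlate per process: a copy into the Startup folder, an ipconfig /all child process, and outbound mail and FTP connections. The following Python detection logic is an added example, not part of the original page or the Radium project; the event tuple format, the sample events, the port numbers, the Startup folder pattern and the alert threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Behaviours the page attributes to Radium, as (event type, pattern on detail).
# Assumed ports: 25/465/587 for mail submission, 21 for the FTP control channel.
RULES = {
    "startup_copy": ("file_create",
                     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I)),
    "sysinfo_ipconfig": ("process_create",
                         re.compile(r"\bipconfig(\.exe)?\s+/all\b", re.I)),
    "smtp_out": ("net_connect", re.compile(r":(25|465|587)$")),
    "ftp_out": ("net_connect", re.compile(r":21$")),
}
THRESHOLD = 3  # assumed: distinct behaviours from one process before alerting

# Constructed sample telemetry: (host, process image, event type, detail).
# For process_create events the image is the parent that spawned the command.
EVENTS = [
    ("ws01", r"C:\Users\amy\AppData\Roaming\svc.exe", "file_create",
     r"C:\Users\amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    ("ws01", r"C:\Users\amy\AppData\Roaming\svc.exe", "process_create", "ipconfig /all"),
    ("ws01", r"C:\Users\amy\AppData\Roaming\svc.exe", "net_connect", "203.0.113.10:587"),
    ("ws01", r"C:\Users\amy\AppData\Roaming\svc.exe", "net_connect", "198.51.100.7:21"),
    ("ws01", r"C:\Program Files\Microsoft Office\OUTLOOK.EXE", "net_connect", "203.0.113.10:587"),
    ("ws02", r"C:\Program Files\FileZilla\filezilla.exe", "net_connect", "198.51.100.7:21"),
    ("ws02", r"C:\Windows\System32\cmd.exe", "process_create", "ipconfig /all"),
]

def correlate(events, threshold=THRESHOLD):
    """Return {(host, image): sorted behaviours} for processes at or above threshold."""
    seen = defaultdict(set)
    for host, image, etype, detail in events:
        for name, (rule_type, pattern) in RULES.items():
            if etype == rule_type and pattern.search(detail):
                seen[(host, image.lower())].add(name)
    return {key: sorted(hits) for key, hits in seen.items() if len(hits) >= threshold}

if __name__ == "__main__":
    for (host, image), hits in correlate(EVENTS).items():
        print(f"ALERT {host} {image}: {', '.join(hits)}")
```

Requiring several distinct behaviours from the same process keeps a legitimate mail client or FTP client, which shows only one of them, below the alert threshold.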



Usage

Download the libraries if you are missing any.

Set the Gmail username and password and remember to check allow connection from less secure apps in Gmail settings.

Set the FTP server. Make the folder Radium in which you’ll store the new version of exe.

Set the FTP IP, username, password.

Remember to encode the password in base64.

Set the original filename variable in copytostartup(). This should be equal to the name of the exe.

Make the exe using Pyinstaller.

Keylogs will be mailed after every 300 key strokes. This can be changed.

Screenshot is taken after every 500 key strokes. This can be changed.

Remember: If you make this into exe, change the variable “originalfilename” and “coppiedfilename” in function copytostartup().

Remember: whatever name you give to “coppiedfilename”, should be given to checkfilename in deleteoldstub().

Things to work on

Persistence

Taking screenshots after a specific time. Making it keystrokes independent.

Webcam logging

Skype chat history stealer

Steam credential harvester

Requirements

Tutorial