Researchers at cybersecurity company Deep Instinct identified a variant of Spora ransomware that is able to log users' keystrokes, ZDNet reports.
The Spora variant was reportedly distributed during a 48-hour phishing campaign Aug. 20, during which cyberattackers sent Word documents disguised as invoices. To view the file, targets were asked to enable Windows Script File, which executed the malware.
Like typical ransomware, the Spora variant encrypts a target's files and presents the target with a ransom note. However, it also collects browsing history and credentials from web cookies and captures a target's keystrokes.
"By stealing credentials from victims, criminals are ensuring a double payday, because not only can they make money from extorting ransoms, they can also potentially sell stolen information to other criminals on underground forums," according to ZDNet.