Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
github.com/marinx/keylogger
- Version
- v0.0.0-20240620105846-48ca9d01f566
- Version published
- Created
Keylogger
Capture global keyboard events on Linux
Notes
- Only Linux based
- Need root privilages
Installation
go get github.com/MarinX/keylogger
Getting started
Finding keyboard device
There is a helper on finding the keyboard.
keyboard := keylogger.FindKeyboardDevice()
Which goes through each file device name to find keyword "keyboard"
/sys/class/input/event[0-255]/device/name
and returns the file event path if found
/dev/input/event2
If the function returns empty string, you will need to cat each device name and get the event number. If you know already, you can easily pass it to constructor
keylogger.New("/dev/input/event2")
Getting keypress
Once the keylogger returns channel event, you can switch by event code as described in input_event.go For start, you can listen on keyboard state change
keylogger.EvKey
Once you get desire event, there is a helper to parse code into human readable key.
event.KeyString()
Writing keypress
Best way is to open an text editor and see how keyboard will react There are 2 methods:
func (k *KeyLogger) WriteOnce(key string) error
and
func (k *KeyLogger) Write(direction KeyEvent, key string) error
WriteOnce method simulates single key press, eg: press and release letter M
Write writes to keyboard and sync the event.
This will keep the key pressed or released until you call another write with other direction
eg, if the key is "A" and direction is press, on UI, you will see "AAAAA..." until you stop with release
Probably you want to use WriteOnce method
NOTE
If you listen on keyboard state change, it will return double results. This is because pressing and releasing the key are 2 different state change. There is a helper function which you can call to see which type of state change happend
// returns true if key on keyboard is pressed
event.KeyPress()
// returns true if key on keyboard is released
event.KeyRelease()
Example
You can find a example script in example/main.go
Running tests
No magic, just run
go test -v
Creating key sniffer (needs update)
License
This library is under the MIT License
FAQs
Unknown package
Package last updated on 20 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025