Investigation Exposes Two Organized Keylogger Networks Spanning Nigeria and Malaysia

Investigation Exposes Two Organized Keylogger Networks Spanning Nigeria and Malaysia

A new investigation has uncovered two tightly organised social networks linked to users of the BestRecovery keylogger service. These groups operated mainly from Nigeria and Malaysia, with key members based in Lagos and Kuala Lumpur. Researchers at Recorded Future mapped their connections using publicly available data from Facebook and email records.

The analysis identified nearly 3,000 BestRecovery users whose Facebook accounts were tied to the same email addresses used for the keylogger service. Of these, around 280 had open profiles, allowing researchers to scrape and map their social connections. The findings revealed two distinct but well-structured networks, each with a small number of central leaders.

Both clusters—labelled Cluster 1 (upper) and Cluster 2 (bottom right)—contained the most influential and well-connected members. While the networks largely functioned separately, a few middlemen acted as bridges between them. Recorded Future’s visualisations highlighted these relationships in detailed, colour-coded graphs. Despite the clear structure, the search results did not expose the identities of any leading figures within the two groups. The investigation relied on email addresses linked to BestRecovery purchases and Facebook activity to trace the connections.

The research sheds light on how BestRecovery users formed organised, cross-border networks. The data shows a small group of intermediaries maintaining links between otherwise separate clusters. No further details about the individuals involved have been publicly disclosed.

Read also:

• Europe’s abandoned coal mines could power a solar energy revolution
• £6M Suthers Court project delivers 36 new homes to Oldham’s Werneth area
• Australia Proposes Hefty Fines for Companies Failing to Protect User Data
• Banned from Camp John Hay: Ex-mayor and allies face golf course dispute