The Watcher

The Watcher is spyware. It has three main components:

  1. Target: The code that runs on the compromised target machine.
  2. Watcher: The code that runs on the adversary machine.
  3. Server: The code that runs on the server and works as a middleman between the target and the watcher.

The Watcher has the following capabilities:

  1. ScreenReader: The target code takes screenshots of the target machine and sends them to the server, which in turn sends them to all the watchers.
  2. Controller: The watcher sends keyboard or mouse control events to the server, which sends them to the target, and the target code executes those control events on the target machine.
  3. Keylogger: The target code watches for keyboard events and sends them to the watcher through the server.