The Watcher is a spyware. It has three main components:
- Target: the code that runs on the compromised target machine.
- Watcher: The code that runs on the adversary machine.
- Server: This code runs on the server and works as a middleman between target and watcher.
The Watcher has the following capabilities:
- ScreenReader: The Target code takes screenshots of the target machine and sends to the server which is in turn sent to all the watchers
- Controller: The watcher sends keyboard or mouse control events to the server which is sent to target and the Target code executes those control events on the target machine.
- Keylogger: The target code watches for keykboard events and sends them to the watcher through the server.