[BreachExchange] Personal Data Risks: Why Hackers Infect Your Computer with Keyloggers
Destry Winant
destry at riskbasedsecurity.com
Wed Nov 14 02:59:51 EST 2018
https://www.tmcnet.com/topics/articles/2018/11/13/440248-personal-data-risks-why-hackers-infect-computer-with.htm
Today’s powerful computer viruses often consist of several components,
each responsible for its own aspect of harmful effects. These programs
resemble Swiss military knives and allow an attacker to perform
various activities on an infected system. One of the common elements
used during cyberattacks is called a keylogger.
Keylogger definition
A keylogger is a type of software or (sometimes hardware) that can
intercept and record user activities performed on an infected
computer. Most often keyloggers, as the name suggests, monitor the
keyboard and your keystrokes. More sophisticated types of keyloggers
monitor mouse movements and clipboard activities.
So, as we said, the keylogger most often represents an intermediate
agent located between the keyboard and the operating system. It tracks
all communication without the user's knowledge. In addition, it can
store and save data locally on the infected computer. When the
keylogger is part of a more advanced attack, then it may transfer the
recorded data to a remote computer under the control of an attacker.
Although the term "keylogger" is usually used in relation to harmful
programs, there are also semi-legal monitoring tools that have the
features of keyloggers. These are used by law enforcement agencies.
Types of keyloggers
There are many types of keyloggers, however, in general, they can be
divided into two main categories: software programs and special
equipment. Software keyloggers are used more often and are usually a
part of larger type of malicious software, such as a Trojan or
rootkit.
Software keyloggers are easy to install on the attacked computer
because they do not require physical access to it. A characteristic
feature of keyloggers is the ability to impersonate the application
interface of the Windows system. It allows them to track every
keystroke without being noticed. There are also kernel keyloggers,
man-in-the-browser keyloggers and many more.
Hardware keyloggers are less common because they require a physical
access to the victim’s device. Some parts can be implemented already
at the equipment production stage (in BIOS), can also be installed on
a USB flash drive or in the form of fake keyboard connectors (between
a keyboard cord and a computer). Despite the fact that this option is
more difficult to install, it can increase the flexibility of the
attacker's actions, as it is completely independent of the system.
Infection methods
Software keyloggers are often delivered to devices by malicious
downloaders as a component of complex malware. Machines can be
infected through a drive-by download attack from a malicious website
that exploits existing vulnerabilities on your computer. Another
popular infection method is spam email campaigns. In some cases,
keyloggers can be installed as legitimately looking programs - by
infecting the download path or by adding a pest to the program itself.
Hardware keyloggers are most often installed by an attacker who has
physical access to a computer.
Detection and removal of keyloggers
Detecting malicious keyloggers is not so easy due to the fact that
these applications do not behave like other malicious programs. They
do not search the victim’s computer for valuable data and do not send
it to the distant servers. Moreover, unlike other malware, they do not
harm the data stored on the infected device. Keyloggers are programmed
so that their presence goes unnoticed, these are secret spies working
undercover.
Anti-malware products may detect and remove all already known variants
of keyloggers, but in the case of a targeted attack they may not be
recognized quickly enough, and time will depend on the activity of the
malicious program on the infected computer.
When a user suspects that a keylogger has appeared on his device, he
can try to outwit it by launching a different operating system from a
USB flash drive or using a virtual keyboard. It is recommended to scan
your system for viruses on regular basis and to update all software
and system the day new patches arrive.
More information about the BreachExchange
mailing list