Submitted via IRC for AndyTheAbsurd
Abstract:
Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim's machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
Source: http://eudl.eu/doi/10.4108/eai.15-10-2018.155740
(Score: 2) by darkfeline on Saturday October 20 2018, @09:49PM (1 child)
This doesn't affect password managers, especially if integrated into a web browser. Yet another reason to use one if you aren't already.
(This is only really a problem for remote logins, of which websites make up the majority. There's not much the attacker can do with my local user login password, SSH should always be by public key.)
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Sunday October 21 2018, @05:04AM
You're just suggesting a shift in attack surface.
Most OSes don't protect the copy buffer from access across processes. That is, in fact, one of the major use cases.
It's not uncommon for malware to watch that buffer for strings that might be of interest (>5 chars and 256 chars) and keep a copy of it all.
Rather like using a screen keyboard. Sure, that stops a keylogger. And instead exposes the mouse event list.
Think of this like with video. There's something parallel to the analogue hole, on the input side. You can't enter a password without entering it, somehow, across some channel.