Submitted via IRC for AndyTheAbsurd
Abstract:
Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim's machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
Source: http://eudl.eu/doi/10.4108/eai.15-10-2018.155740
(Score: 0) by Anonymous Coward on Sunday October 21 2018, @05:04AM
You're just suggesting a shift in attack surface.
Most OS'es don't protect the copy buffer from access across processes. That is, in fact, one of the major use cases.
It's not uncommon for malware to watch that buffer for strings that might be of interest (>5chars and 256 chars) and keep a copy of it all.
Rather like using a screen keyboard. Sure,that stops a keylogger. And instead exposes the mouse event list.\
Think of this like with video. There's something parallel to the analogue hole, on the input side. You can't enter a password without enteering it, somehow, across some channel.