Submitted via IRC for AndyTheAbsurd
Abstract:
Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim's machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
Source: http://eudl.eu/doi/10.4108/eai.15-10-2018.155740
(Score: 3, Informative) by bzipitidoo on Saturday October 20 2018, @02:05PM
But just try to find a keylogger that's used for debugging. Search results will be overwhelmed with keyloggers for collecting passwords.
(Score: 2) by crafoo on Saturday October 20 2018, @02:31PM (1 child)
Good to know the basics are still fairly widely used. Kinda like finding 18s on a used Nissan Sentra with locking lugnuts. Really takes me back to the 90s.
(Score: 2) by driverless on Sunday October 21 2018, @02:06AM
But who wrote that gibberish headline?
Obstreperous Elephant and Green Hoover Based on a Practically Somnambulent Cat with Squeamish Ossifrage.
(Score: -1, Offtopic) by Anonymous Coward on Saturday October 20 2018, @09:19PM
Report to your nearest Saudi embassy and their helpful consular officials will cut off your fingers. Khashoggi doesn't have to worry about keylogging anymore.
(Score: 2) by darkfeline on Saturday October 20 2018, @09:49PM (1 child)
This doesn't affect password managers, especially if integrated into a web browser. Yet another reason to use one if you aren't already.
(This is only really a problem for remote logins, of which websites make up the majority. There's not much the attacker can do with my local user login password, SSH should always be by public key.)
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Sunday October 21 2018, @05:04AM
You're just suggesting a shift in attack surface.
Most OSes don't protect the copy buffer from access across processes. That is, in fact, one of the major use cases.
It's not uncommon for malware to watch that buffer for strings that might be of interest (>5 chars and 256 chars) and keep a copy of it all.
Rather like using a screen keyboard. Sure, that stops a keylogger. And instead exposes the mouse event list.
Think of this like with video. There's something parallel to the analogue hole, on the input side. You can't enter a password without entering it, somehow, across some channel.