If there was something that can help prepare you for the next data breach would you use it?Read More
Sunday roundup for the week ending the 24th of July 2017. Please contact me if you would like to be featured on security-sleuth.com.
I'll be travelling around the globe over the next month post may appear less frequently than ususal.Read More
In my last post I gave a brief introduction to what a keylogger is. In summary a Keylogger is a piece of Hardware or Software that records your keystrokes (usually against your permission). This post is going to look explicitly at Software keyloggers.
In this post I'm also not going to cover any of the free keylogger software available out there for three reasons:
- Most of it is old.
- Most of it is very clunky.
- Its easily detected by Antivirus.
Instead I'm going to focus on Keylogger code.
What is a Software Keylogger?
A Software keylogger is different from the Hardware keyloggers we covered here. Software keyloggers essentially perform the same functions as Hardware keyloggers in that they log keystrokes however where as Hardware keyloggers require a dedicated device, software keyloggers only need to be written to run on a victims operating system. Software keyloggers also usually have more features builtin than hardware keyloggers, for example its quite common for software keyloggers to also take screenshots or in some cases even record video on periodic intervals and send them back to a remote server this would be quite difficult to do with a Hardware keylogger.
As fields like virtualisation and now containerisation have advanced in the last decade there has been an increase in the complexity and also functionality of software keyloggers there are now kinds of keyloggers which run explicitly from virtual machines or can detected when they have infected a virtual machine and act accordingly.
Keyloggers are actually quite easy to find on the internet. Just doing a quick google serach provides a goldmine of information you can user to create your own keylogger. Most of these examples are in Python or C++ heres a few of the best ones:
GitHub is an absolute treasure trove for keyloggers I have listed a few examples below but its also good to look at botnet code or trojans to see how they do keylogging as in some cases they might have a more efficient system than some of the ones below:
A few months ago i modified a C++ Keylogger and installed it on a virtual machine. heres some sample output:
In a nutshell one started all keys are logged to a file in C:\WINDOWS called KeyboardServices.txt to get the whole thing running from looking at some code samples and chopping and changing some bits the whole operation took an hour.
Im still fixing up some issues where it logs special characters as "Unknown Character" but it make deciphering text that little bit easier but it could get in the way if your trying to sniff passwords and all the special Characters are coming up as "Unknown Character".
If I ever setup GitHub I'll be sure to upload it and make a reference to it here.
Protecting Yourself from Software Keyloggers
Just like protecting yourself from hardware keyloggers many of the same rules/tips apply but I have included a few extra here:
- Always check any computer you are using for any strange peripheral devices.
- Make sure you thoroughly check any PC's or devices you purchase online to make sure you haven't received any "Bonus extras".
- Regularly audit your PC for peripheral devices.
- Use air gapped machines for any business or sensitive admin tasks.
- If you have to use a machine with a level of security you don't trust enter sensitive information out of order use the mouse cursor to help.
- Use a Key Scrambler program.
- Use Antivirus regularly. most Antivirus products detect keyloggers quite easily.
- Use additional Anti-malware / keylogger detection software.
- Periodically audit system locations for any suspicious files. The keylogger I wrote stores the keystrokes in the Windows Folder many may do the same or similar.
- Use a Password manager App to avoid keying in your password repeatedly.
As always please let me know if found this article useful or if you didn't, Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. Thanks for your continued support! Until next time!