A keylogger is a piece of software or a hardware device that records the keystrokes typed on a person’s computer. By and large, keyloggers are installed by malicious programs such as Trojan horses, or they can even be physically installed by cyber-criminals aiming to compromise a victim’s computer and steal sensitive data such as passwords.
Ordinarily, the payload is delivered to the victim through a social engineering scheme, and upon successful execution the attacker monitors all of the victim’s input activity. To shed more light on this, we shall take a look at a YouTube fan, Mr. Snowball, who gets phished and is subsequently tricked into downloading a “youtube_downloader” app onto his computer.
The hacker who successfully phished Snowball created the youtube_downloader Trojan before sending the phish, with the intention that, once the victim runs the downloaded content, it creates a TCP reverse shell from the target system back to the attacker’s system.
Snowball runs the installer but, to his surprise, nothing visible happens, while a reverse TCP shell from his Windows system is created back to the attacker’s system in the form of a Meterpreter session in Kali Linux. On obtaining a session, the hacker runs the keylogger to record all keystrokes on the keyboard. On analyzing the recorded keystrokes, the attacker is able to figure out an email address and password, along with every other keystroke typed on the target machine.
Precaution against Keyloggers
The best way of defending against keylogger attacks is to avoid infection. Take these measures:
- Use caution when opening email attachments. Before opening an attachment that could turn out to be a Trojan, contact the sender directly and ask whether they really sent you the file.
- Before using removable devices, run a malware scan. Install antivirus software or a Trojan remover and keep it up to date, and heed anti-malware alerts about risky websites.
- When downloading software, make sure that you trust both the source and the contents of the file. Also configure your system to show file extensions (Windows hides them by default), so that an executable cannot be passed off as a harmless file type.
- Enable User Account Control (UAC) so that the user is prompted for a password when a program requires administrator-level permissions. Change passwords regularly.
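As an added example (not part of the original article), the following read-only PowerShell script checks whether a Windows machine actually has the settings the last three precautions depend on: file extensions visible in Explorer, UAC enabled and prompting for elevation, and Microsoft Defender running with recent signatures. The registry paths and the Get-MpComputerStatus cmdlet are standard Windows features; the 30-day signature-age threshold is an assumption chosen for this example, and the script only reports, it changes nothing.

```powershell
# Added example: report on the Windows settings the keylogger precautions rely on.
# Assumes Windows 10/11 with Microsoft Defender; nothing is modified.

function Test-HiddenExtensionsShown {
    # Explorer hides known extensions when HideFileExt = 1, which lets a file such as
    # "invoice.pdf.exe" display as "invoice.pdf". A value of 0 means extensions are shown.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $val = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($val -eq 0)
}

function Test-UacPrompting {
    # EnableLUA = 1 turns UAC on. ConsentPromptBehaviorAdmin = 0 means elevation happens
    # silently, which defeats the "prompt the user" precaution; any non-zero value prompts.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $false }
    return (($p.EnableLUA -eq 1) -and ($p.ConsentPromptBehaviorAdmin -ne 0))
}

function Test-DefenderCurrent {
    # The 30-day threshold is an assumption for this example; pick what your policy requires.
    param([int]$MaxSignatureAgeDays = 30)
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Cmdlet unavailable: Defender is not present or another AV product is in use.
        return $false
    }
    return ($s.AntivirusEnabled -and $s.RealTimeProtectionEnabled -and
            ($s.AntivirusSignatureAge -le $MaxSignatureAgeDays))
}

# Run each check and print a one-line verdict per precaution.
$checks = [ordered]@{
    'File extensions visible in Explorer'                     = Test-HiddenExtensionsShown
    'UAC enabled and prompting for elevation'                 = Test-UacPrompting
    'Defender on, real-time protection on, signatures recent' = Test-DefenderCurrent
}

foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { 'OK' } else { 'ATTENTION' }
    Write-Output ('{0,-10} {1}' -f $status, $name)
}
```

Run it from a normal (non-elevated) PowerShell prompt; reading these keys does not require administrator rights. A line marked ATTENTION points at the precaution above that is not in force on that machine, and an ATTENTION on the Defender line may simply mean a different antivirus product is installed, which the script does not inspect.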
Over time, it has been noticed that people are the weakest link in enforcing security and in that respect, Summit Consulting Ltd brings you a Cyber Security Awareness Training course at your premises to bring forth awareness on the various forms of cyber-crime and attack schemes that could be executed on your network, alongside the defensive measures.