Search This Blog

Showing posts with label Spyware Attack. Show all posts

Expert Malnev gave tips on detecting Keylogger

Alexey Malnev, head of the Jet CSIRT Information Security Monitoring and Incident Response Center of Jet Infosystems, spoke about how to detect a Keylogger.

According to the expert, this can be done by scanning the computer with antivirus software, as well as thanks to the built-in EDR (Endpoint Detection and Response) system that analyzes the processes and their memory operation within the operating system.

In the case of corporate devices, a traffic inspection system will help, which can detect a connection over a suspicious Protocol or to a suspicious server on the Internet. The presence of an incident monitoring center in an organization can help detect an entire cyber operation of attackers on its infrastructure, or targeted attacks.

According to the expert, the presence of Keylogger can be considered a symptom of a complete hacking of the user's computer, and this is very bad news for the user. The fact is that modern malicious software most often uses Keylogger as one of many modules.

"There is a high probability that there is already a whole set of other potential problems: theft of confidential files from the hard disk, interception of account data, hidden audio and video recording (if there are a microphone and video camera), the potential destruction of data (if there is a malicious ransomware encryption module), full remote access,” said he.

In such cases, users should immediately disconnect the computer from the local network and the Internet, and then, without restarting it, hand it over to specialists in cybercriminalism. According to Malnev, it is more important to determine how the computer was attacked.

"Xsser mRAT", an Advanced iOS spyware targets Hong Kong protesters


Security researchers from Lacoon Mobile Security company identified an advanced iOS Trojan targeting protesters in Hong Kong.

The trojan dubbed as 'Xsser mRAT", is related to similar Android malware found last month targeting the protesters.

The android version of this malware is distributed via whatsapp messages disguised as an application to help coordinate Occupy Central protest.

"The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s first iOS trojan linked to Chinese government cyber activity." the company wrote.

The malware is capable of stealing text messages, contact list, call logs, location information, photos and other information.  It also steals passwords from the iOS keychains.

The good news is that the malware can run only if the user's device is jailbroken.  You can find lot more information and technical information in their blog post.

iPhone spyware can be used to capture Desktop computer Key strokes

iPhone can be used to capture the Desktop computer keystrokes.  Sounds interesting?A team of researchers at Georgia Tech demonstrated how to use the accelerometers of a smartphone to capture the Keystrokes of Desktop Computers by placing nearby.

Patrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Researcher posted what displayed in iPhone:

Presently the spyware cannot determine the pressing of individual keys through the iPhone's accelerometer, but "pairs of keystrokes" instead. The software determines whether the keys are on the right or left hand side of a standard QWERTY keyboard, and then whether the pair of keys are close together or far apart.

With the characteristics of each pair of keystrokes collected, it compares the results against a dictionary - where each word has been assigned similar measurements.

For example, take the word "canoe," which when typed breaks down into four keystroke pairs: "C-A, A-N, N-O and O-E." Those pairs then translate into the detection system’s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields "canoe" as the statistically probable typed word.

For understandable reasons, the technique is said to only work reliably on words which have three or more letters.

Text recovery

Henry Carter, one of the study's co-authors, explained the attack scenario that they envisaged could be used:

"The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors."

"Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."