Keylogger Attacks

Hello, world. I’m Zanidd and welcome to the Hands On Password Cracking and Security course on Code Red.

In this section, we’re discussing the downsides of passwords. We will also take a brief look at alternatives at the end of the section. In this video, we’re going to take a look at keylogger attacks, one of the oldest form of cyber threats which is still used today. A keylogger is basically malware on the victim’s computer that will read all of the key presses and log them to the attacker. Additionally, to just logging the keystrokes to a log file, an attacker can use a command and control infrastructure, which allows him to see the keystrokes in almost real time.

The loggers can also be optimized to recognize patterns, like when the user is using an @ symbol, and only record or highlight these parts. It can make finding passwords very easy as you don’t have to scroll through the entire log, or the log only contains password pairs. Keyloggers also come in different forms. The most commonly known one is malware. Keyloggers can come as malware. It is typically installed on the victim’s machine by means of phishing. The attacker sends a forged email from a company telling the victim to download, install, or run some executable to solve a specific problem. And the executable will turn out to be a keylogger.

An example could be an app on your smartphone which promises you to optimize the speed of your phone but instead just logs everything you do. It can also come from downloading software from the internet without checking it on your PC, for example. Some of them even disguise themselves as antiviruses. So you download it in the hopes that it will make you more secure, but instead, you’re actually downloading a keylogger. You can check the files with services like VirusTotal before opening or running them in a virtual machine to make sure they’re not harmful.

USB sticks - another way to spread the keylogger, or any malware, for that matter - is to install it on a USB stick like the Rubber Ducky and plant them on strategic places. For example, you could add a label with a tax salary report 2020 and drop it somewhere in the garage near a car. A user that will go to that car will find the stick in front of his car and will probably be tempted to plug it into the computer, and the stick will do its magic. You could even hide the keylogging program in an Excel file so he will actually open the keylogger himself. And that’s all done without any social interaction or phishing by the hacker.

And if the attacker wants to increase his chances of getting into a computer, he just has to drop more USB sticks in front of multiple cars. Bugs are another way to log your keystrokes - or more specifically, software and hardware bugs. For example, last year a Logitech bug allowed attackers to sniff all the signals of a wireless mouse. The attacker could do a man-in-the-middle attack on the signal sent from the wireless mouse to the USB receiver. Not only could he read and log everything, but he could also control it entirely, meaning he could send mouse and even keystrokes via the hijacked signals.

If a wireless keyboard from a manufacturer happens to have a similar bug, the attacker could also log the keystrokes from there. So far, we have seen that passwords can have a lot of vulnerabilities and caveats. And most importantly, they are controlled by the users, but what alternatives do we have? This is what will be answered in the next lesson.