The Persistence of Memory – Chapter one: keyloggers

Today’s arrest of Yaron Bolondi set me thinking about cyber crime and keyloggers. It comes as no surprise that keyloggers have become the tool of choice for cyber criminals. Three months ago I wrote about my experience with a public computer that I was using to access the Internet, which was infested with keyloggers and screen capturing tools.

Last week we received a new Trojan, which called back home through a hacked ftp account on a public hosting server. The Trojan was constantly monitoring the screen, starting to capture screenshots whenever the page currently accessed in IE containes keywords such as “bank” or “account”. Additionally, the Trojan included the usual keylogger component and a module which intercepted all emails sent from the system.

We were glad to notice the above technique was almost useless against e-banking systems which rely on one-time-pad authentication or hardware tokens. Of course, everything else it at risk.

If you have to rely on e-banking – and I have to say I’m a great fan of it – choose your bank wisely. One time pad authentication or hardware tokens are a “sine qua non”. Assuming that the bank’s internal bank network isn’t breached, your money should be safe.

The Persistence of Memory – Chapter one: keyloggers

Your email address will not be published. Required fields are marked *



APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox