A new version of the iSpy keylogger has the ability to steal passwords saved in browsers and the license keys for...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
software, as well as to record Skype chats. How does this keylogger work, and what are the best defense options?
The iSpy keylogger is a malicious commercial keylogger with functionality for recording keystrokes, taking screenshots and monitoring webcams and clipboards, among other types of spying activity.
The iSpy keylogger is one of many other commercial keyloggers or questionable remote administration tools with similar functionality. One of the key aspects of a software keylogger is that it most often runs with complete access to a system, and it can access any data on the system.
Zscaler reported that the iSpy keylogger malware gets onto an endpoint when end users open a malicious attachment in a spam or phishing email, from which the main iSpy malware is downloaded onto the system. The iSpy malware takes several steps to make it more difficult to analyze, like using XOR-based encryption to encrypt the file, checking for debuggers or sandboxes, and disabling antivirus software. It uses one of the oldest methods for persistence: adding a new key to the Windows registry to start the malware when a user logs in.
The iSpy keylogger has functionality for sending captured data via HTTP, Simple Mail Transfer Protocol or FTP. It even has a web panel used for managing the infected endpoints. It is not reported to use any zero days or vulnerabilities, and could be stopped using basic endpoint security protections, like antimalware tools and not running systems as an administrator. Security teams should also scan their Windows registry keys to look for any suspicious changes or additions.
Find out if the Detekt tool is effective at identifying remote administration spyware
Learn how to prevent Keydnap malware from stealing your Mac passwords
Read how Overseer Android spyware works on infected apps
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust ...continue reading
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime ...continue reading
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.