
How does the iSpy keylogger steal passwords and software license keys?

A recent version of the iSpy keylogger has the ability to steal passwords and record Skype chats. Expert Nick Lewis explains how it works and how to protect your systems.

A new version of the iSpy keylogger has the ability to steal passwords saved in browsers and the license keys for software, as well as to record Skype chats. How does this keylogger work, and what are the best defense options?

The iSpy keylogger is a malicious commercial keylogger with functionality for recording keystrokes, taking screenshots and monitoring webcams and clipboards, among other types of spying activity.

The iSpy keylogger is one of many commercial keyloggers and questionable remote administration tools with similar functionality. A key aspect of a software keylogger is that it most often runs with complete access to a system, so it can access any data on that system.

Zscaler reported that the iSpy keylogger malware gets onto an endpoint when end users open a malicious attachment in a spam or phishing email, from which the main iSpy malware is downloaded onto the system. The iSpy malware takes several steps to make it more difficult to analyze, like using XOR-based encryption to encrypt the file, checking for debuggers or sandboxes, and disabling antivirus software. It uses one of the oldest methods for persistence: adding a new key to the Windows registry to start the malware when a user logs in.

The iSpy keylogger has functionality for sending captured data via HTTP, Simple Mail Transfer Protocol or FTP. It even has a web panel used for managing the infected endpoints. It is not reported to use any zero days or vulnerabilities, and could be stopped using basic endpoint security protections, like antimalware tools and not running systems as an administrator. Security teams should also scan their Windows registry keys to look for any suspicious changes or additions.
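The registry check recommended above can be run as a baseline comparison of logon autostart entries. The following is an added example, not code from the article or from Zscaler's report: it compares two `reg export` text dumps and reports autorun values that were added or changed. The article does not name the registry key used, so the standard `Run`/`RunOnce` keys are an assumption, and the sample exports are constructed.

```python
import re

# Assumption: the article does not name the key, so this checks the standard
# Run/RunOnce logon autostart keys (any hive, including WOW6432Node).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Locations a standard user can typically write to; autoruns here deserve review.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)

def parse_reg_export(text):
    """Parse `reg export` text into {(key, value_name): data}; REG_SZ values only."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and RUN_KEY.search(key) and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # undo .reg escaping of backslashes and quotes
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                entries[(key, name)] = data
    return entries

def diff_autoruns(baseline, current):
    """Return one finding per autorun value added or changed since the baseline."""
    findings = []
    for (key, name), data in sorted(current.items()):
        old = baseline.get((key, name))
        if old == data:
            continue
        findings.append({
            "key": key, "name": name, "data": data,
            "status": "added" if old is None else "changed",
            "user_writable_path": bool(USER_WRITABLE.search(data)),
        })
    return findings

# Constructed sample exports (not taken from a real infection).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
'''
CURRENT = BASELINE + r'''"Updater"="C:\\Users\\alice\\AppData\\Roaming\\updater.exe"
'''

if __name__ == "__main__":
    for finding in diff_autoruns(parse_reg_export(BASELINE), parse_reg_export(CURRENT)):
        print(finding)
```

Values exported as `hex(2):` (REG_EXPAND_SZ) are skipped by this parser and would need decoding before comparison.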


This was last published in February 2017
