A new version of the iSpy keylogger has the ability to steal passwords saved in browsers and the license keys for...
software, as well as to record Skype chats. How does this keylogger work, and what are the best defense options?
The iSpy keylogger is a malicious commercial keylogger with functionality for recording keystrokes, taking screenshots and monitoring webcams and clipboards, among other types of spying activity.
The iSpy keylogger is one of many other commercial keyloggers or questionable remote administration tools with similar functionality. One of the key aspects of a software keylogger is that it most often runs with complete access to a system, and it can access any data on the system.
Zscaler reported that the iSpy keylogger malware gets onto an endpoint when end users open a malicious attachment in a spam or phishing email, from which the main iSpy malware is downloaded onto the system. The iSpy malware takes several steps to make it more difficult to analyze, like using XOR-based encryption to encrypt the file, checking for debuggers or sandboxes, and disabling antivirus software. It uses one of the oldest methods for persistence: adding a new key to the Windows registry to start the malware when a user logs in.
The iSpy keylogger has functionality for sending captured data via HTTP, Simple Mail Transfer Protocol or FTP. It even has a web panel used for managing the infected endpoints. It is not reported to use any zero days or vulnerabilities, and could be stopped using basic endpoint security protections, like antimalware tools and not running systems as an administrator. Security teams should also scan their Windows registry keys to look for any suspicious changes or additions.
Find out if the Detekt tool is effective at identifying remote administration spyware
Learn how to prevent Keydnap malware from stealing your Mac passwords
Read how Overseer Android spyware works on infected apps
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.