Nmedia - Fotolia
A new version of the iSpy keylogger has the ability to steal passwords saved in browsers and the license keys for software, as well as to record Skype chats. How does this keylogger work, and what are the best defense options?
The iSpy keylogger is a malicious commercial keylogger with functionality for recording keystrokes, taking screenshots and monitoring webcams and clipboards, among other types of spying activity.
The iSpy keylogger is one of many other commercial keyloggers or questionable remote administration tools with similar functionality. One of the key aspects of a software keylogger is that it most often runs with complete access to a system, and it can access any data on the system.
Zscaler reported that the iSpy keylogger malware gets onto an endpoint when end users open a malicious attachment in a spam or phishing email, from which the main iSpy malware is downloaded onto the system. The iSpy malware takes several steps to make it more difficult to analyze, like using XOR-based encryption to encrypt the file, checking for debuggers or sandboxes, and disabling antivirus software. It uses one of the oldest methods for persistence: adding a new key to the Windows registry to start the malware when a user logs in.
The iSpy keylogger has functionality for sending captured data via HTTP, Simple Mail Transfer Protocol or FTP. It even has a web panel used for managing the infected endpoints. It is not reported to use any zero days or vulnerabilities, and could be stopped using basic endpoint security protections, like antimalware tools and not running systems as an administrator. Security teams should also scan their Windows registry keys to look for any suspicious changes or additions.
Find out if the Detekt tool is effective at identifying remote administration spyware
Learn how to prevent Keydnap malware from stealing your Mac passwords
Read how Overseer Android spyware works on infected apps
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading