A Keylogger does exactly what the name states: it captures every keystroke typed on a computer or mobile device and transmits that stolen information to a remote server controlled by the hackers. Zero-day Keyloggers are extremely effective malware, capable of evading detection by nearly all anti-virus programs and the most advanced firewalls. Along with spyware, they were ranked as the highest threat by the Global Threat Intelligence Report. Keyloggers have been implicated in some of the biggest breaches of our time, including Citibank, Sony, NY Times, Home Depot, Target, Anthem/Blue Cross Blue Shield, Hillary Clinton and the DNC emails, and the Colonial Pipeline. Most security teams know about Keyloggers but simply do not have an effective method of protection.
Many advanced attacks begin with spear phishing, which is used to trick the victim into installing Keyloggers onto their device. Hackers often mask themselves with a seemingly legitimate message or a familiar email address. These emails come with attached documents loaded with the malicious code. The attachments are named in a way that makes them look relevant to the company. Once administrative credentials are obtained, breaching the network becomes a trivial task, because the hackers now appear to the system as legitimate employees, allowing them to fly completely under the radar of the enterprise security policies.
In addition to email, social networking websites have become favorite places for hackers to propagate spyware. Facebook is a favored attack vector because of its popularity. Keyloggers can be embedded into any type of download, such as a video, a picture file or an online game. Cybercriminals hack into a user’s Facebook page and plant the malware on their wall in order to infect visitors who click on the infected links. At one time, the page of Facebook’s founder, Mark Zuckerberg, was hacked. This put his millions of followers at risk because they were very likely to trust the content on his page.