keylogger
Latest
Google study shows how your account is most likely to be hijacked
Security threats like phishing, keylogging and third-party breaches are pretty common knowledge. Google wanted to gain a better understanding of how hijackers steal passwords and other sensitive data in the wild, though, so it conducted an analysis of online black markets from March 2016 to March 2017. The result? It found that among the three, phishing poses the biggest threat to your online security. Together with credential leaks, the two represent a threat "orders of magnitude larger than keyloggers."
Hackers slipped malware into popular PC software CCleaner
A popular PC-cleaning software used by over 130 million people put users at risk after hackers were able to insert malware into legitimate downloads. Piriform's CCleaner, owned by antivirus provider Avast, was found to be hosting a "multi-stage malware payload" that could install ransomware or keyloggers and further infect target computers on command.
US: North Korea's been hacking everyone since 2009
US authorities believe the North Korean government has been using an army of hackers called "Hidden Cobra" to deploy cyber attacks over the past eight years. That's according to the Technical Alert formally issued by the Homeland Security and the FBI, which contains the details and tools NK's cyber army has been using to infiltrate the media, financial, aerospace and critical infrastructure sectors in the US and around the globe. The government agencies issued the alert after tracing the IP addresses of a malware variant used to manage NK's DDoS attacks to North Korean computers. While other players can spoof their IPs to frame NK, the US is encouraging cyber analysts to be on the lookout, warning them that the Asian country will continue to use cyber operations to advance its government's military and strategic objectives.
EFF: Security software distributed by cops is actually spyware in disguise
Various schools, libraries and ordinary American families might have been using a "security" software called ComputerCOP for years. After all, they probably got their copy from cops, attorney's offices or other branches of law enforcement, which tout it as a way to protect children online. Unfortunately, ComputerCOP isn't the digital protector children need -- according to tests conducted by the Electronic Frontier Foundation, it's actually a key-logging spyware that uploads unencrypted data to the software's servers. In other words, it uploads bank and email log-ins, social security numbers, among other sensitive data that can be easily intercepted and read by identity thieves, credit card hackers or even child predators.
eBay's ticket site StubHub says it's the victim of a 'global fraud ring'
StubHub has revealed that it's been the victim of a global fraud operation that's lasted longer than a year. Rather than being hacked, however, criminals obtained user details from other websites and keylogging software, then proceeded to make purchases on the eBay-owned ticket site. Company official Glenn Lehrman has told Reuters that authorities in the US, Canada and the UK will conduct arrests later today, at which point more details will be released. Worried users of the service should relax, for the moment at least, since the company has promised that any unauthorized transactions were spotted and refunded back in 2013.
Data thieves want to track what you type at hotel business centers
You may not want to use your hotel's business center to check email on your next big trip. The Secret Service has warned the hospitality business that thieves are installing keyloggers on hotel PCs to steal guests' data. In a recent Dallas area bust, authorities caught multiple people swiping account logins, banking info and other personal details from travelers typing away at compromised business center systems. The culprits didn't even have to exploit security holes to get in -- the key-tracking software required "little technical skill."
You cannot get hacked by playing public games in Diablo 3
After years of keyloggers and trojans from unsafe browsing, unsecured computers, or just plain bad luck, WoW players should be pretty used to the concept of a compromised account and how said compromises happen. Unfortunately, Diablo III players don't appear to be as familiar with them, which has resulted in some pretty maddening discourse on the official forums and across the internet. Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen. Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact. The problem is that neither of those things were correct. In fact, Blizzard says it's actually impossible to do with Diablo III due to the way the infrastructure is set up.
Blizzard: Diablo 3 account compromises historically in line with WoW expansions
The Blizzard forums are bursting with stories of Diablo 3 players' gold and items magically disappearing from their accounts, and while we bemoan the losses they're not entirely surprising."Historically, the release of a new game -- such as a World of Warcraft expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo 3," Blizzards told Joystiq this evening. "We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well."
Google demos QR code Gmail access, claims something better in store
What's the big G up to here, then? It seems the Gmail team has been tinkering with a new secure method of accessing your precious email. Type your credentials into your phone, then scan a QR code in the browser to log in. It's ideal for public machines where typing your password might gift your credentials to any key-logging software. Sadly though, it seems the venture was just an experiment, with Google employee Dirk Balfanz confirming so on his Plus account. So, we might not be accessing our Gmail sans keyboard anytime soon, but with said staffer also teasing that his team are working on something "even better" who knows how we'll be logging on in the near future -- let's just hope it's not this.
Carrier IQ issues lengthy report on data collection practices, sticks to its guns
After having already tried to explain itself with metaphor, Carrier IQ is now taking its floundering PR campaign back to basics, with an ostensibly thorough primer on its practices and a slightly less convoluted defense of its privacy standards. This morning, the controversial analytics firm released a lengthy, 19-page document that attempts to explain "what Carrier IQ does and does not do." In the report, titled "Understanding Carrier IQ Technology," the company explains the benefit it offers to its clientele of network operators, many of whom rely upon Carrier IQ's diagnostic data to make sure their infrastructure is up to snuff. It also provides a breakdown of how it collects data, as well as a defense against Trevor Eckhart's findings, though, as you'll see, these arguments likely won't put this saga to bed anytime soon. Read more, after the break.
Proof of concept: iPhone captures keystrokes via 'thump phreaking'
Researchers at Georgia Tech have worked up a proof-of-concept demonstration of using an iPhone 4's accelerometer as a keylogger. After setting the iPhone near a computer keyboard, the device's built-in accelerometer and gyroscope were able to decipher entire sentences "with up to 80 percent accuracy." Similar keyloggers have already been developed using microphones, which sample vibrations far more frequently than accelerometers. However, nearly all phone operating systems ask a user's permission before granting applications access to the built-in microphone, which limits the utility of a keylogger. Apps don't currently ask for users' permission for access to accelerometers and gyroscopes, which raises the remote possibility of iPhones or other accelerometer-equipped devices spying on keyboard inputs without users being the wiser. "The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, one of the project's researchers. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening." The keylogger software works by detecting key pairs -- detecting individual key presses turned out to be too difficult and unreliable -- and by comparing paired accelerometer events against a built-in dictionary, the software can decipher keypresses with startling accuracy. Our own Mike Rose has coined "thump phreaking" to refer to this spying technique (after Van Eck phreaking, which uses CRT or LCD emissions to reconstruct the screen image) and it's as apt a term as any for what this software does. It must be mentioned that this is only a proof of concept and not an actual attack that's out in the wild. The researchers themselves admit that this keylogger was difficult to build, and it's easily defeated by something as simple as moving your iPhone more than three inches away from the keyboard. That having been said, the technique is very James Bondian, and I wouldn't be at all surprised if something similar to this turns up in a forthcoming spy thriller or Batman movie.
Samsung reportedly installing keylogger software on laptops (update: it's a false-positive)
We'll start by saying that we've reached out to Samsung for a response here, but as of now, no reply has been given -- neither a confirmation nor a refusal of truth. Why bother mentioning that? If this here story proves true, Sammy could have a serious problem on its hands -- a problem that'll definitely start with a rash of negative PR, and a quandary that could very well end the outfit up in the courtroom. According to a report by Mohamed Hassan over at Network World, Samsung allegedly took the initiative to install a keylogger into his recently purchased R525 and R540 laptops. The app was noticed right away after a security scan on both systems, with StarLogger popping up with the c:\windows\SL directory. Where things really get strange is on the support line; reportedly, a supervisor informed Mr. Hassan (after an earlier denial) that the company did indeed install the software at the factory in order to "monitor the performance of the machine and to find out how it is being used." Unfortunately, it's difficult to say if this is a widespread issue, or if the tale is entirely correct, but we get the feeling that Samsung will have little choice but to respond in some form or fashion here shortly. Naturally, we'll keep you abreast of the situation -- meanwhile, you may want to reconsider that hate-filled comment you're about to bang out on your Samsung laptop, and instead, feast your eyes on the video just past the break. Update: Kudos to Samsung for hitting this head-on. An hour after we inquired for comment, a company spokesperson tossed over this official quote: "Samsung takes Mr. Hassan's claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available." Update 2: Samsung's official Korean language blog, Samsung Tomorrow, has a posted an update calling the findings false. According to Samsung, the confusion arose when the VIPRE security software mistakenly identified Microsoft's Slovene language folder ("SL") as Starlogger, which Sammy was able to recreate from an empty c:\windows\SL folder (see image above). So yeah, move along, it's much ado about nothing -- the R525 and R540 laptops are perfectly safe. Update 3: Even GFI Software has stepped up and confirmed the good news; furthermore, it'll be changing the way it structures things so as not to set off any more false-positives.
Blizzard posts new account security guide
Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure. To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
NCsoft answers questions on Aion's new security
Ever been in the middle of a duel with a friend in Aion and watch him (or her) drop offline in the middle of a conversation, then come back online on each alt, strip it down, and sell off everything -- right in front of your eyes? That very scenario has happened to me, and similar situations have happened to others. Even counting RNG rages, nothing really compares to the frustration and heartache of losing all you have worked so hard for in-game, and no one wants to experience this. With this in mind, NCsoft has introduced an extra layer of security -- a new PIN system designed to better safeguard your virtual stash. We were able to speak with Sean Neil, Associate Producer of Aion, and Lance Stites, Executive Vice President of Game Operations and Production at NCsoft West, to bring you the scoop on this new system. Join us past the cut to hear what they had to say.
Blizzard announces automated account recovery form for hacked accounts
World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very tasking on its customer support department. Blizzard has just announced a new, speedier way to get help and answered about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.
The Daily Quest: Feeling safe and warm
Here at WoW.com, we're on a Daily Quest (which we try to do every day, honest) to bring you interesting, informative and entertaining WoW-related links from around the blogosphere. Is there a story out there we ought to link or a blog we should be following? Just leave us a comment and you may see it here tomorrow! Take a look at the links below, and be sure to check out our WoW Resources Guide for more WoW-related sites. For many realms, Ruby Sanctum is up and running, and Halion's being smacked around by countless guilds (check out our Halion guide to learn how your guild can smack him around, too). With Ruby Sanctum as the last raid before the release of Cataclysm, players are still looking forward to the Cataclysm beta. With the beta now up and running, players are subject to piles of false email and announcements from people trying to steal valuable account information. With all these scammers trying to worm their way into player's accounts, how about we take a visit to that ever-pertinent blogging topic, account security? Letters from Birdfall has some wise words about security programs and what you can do to avoid the dangers of keylogging. Slice and Dice talks about safeguarding your guild bank. Flame Shock talks about phishing emails, what to look for and how not to write them. Now that we're feeling a little more secure, let's visit Oddcraft and get warm and cozy with a statement from A Basic Campfire.
Update: Keylogger source identified
Just a quick update from from our friends at World of Raids about the current situation regarding circumvented authenticators. It appears there are multiple websites being used for this malware. Be careful of which sites you go to in order to update your addons from; fake website addresses are being used to trick users. For example, one of the fake sources appears as a "Sponsored Link" right at the top of a Google search. Don't actually visit that site and be sure to warn players asking about addons where to go. What happens is the fake site will allow you to download a fake copy (did you see fake?) of the WowMatrix AddOn Manager which installs the emcor.dll. This Trojan (Malware.NSPack) can currently be detected by Malware Bytes. Thanks Kody!
Man in the middle attacks circumventing authenticators
It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one. This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users. Kropaclus After looking into this, it has been escalated, but it is a Man in the Middle attack. http://en.wikipedia.org/wiki/Man-in-the-middle_attack This is still perpetrated by key loggers, and no method is always 100% secure. source To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.
Microsoft warns users of worm that targets MMO players
Remember how we always tell you to remain vigilant against malicious programs that can compromise your MMO account's security? Well, it seems we now have more reason to remain vigilant.Microsoft's latest security intelligence report covers the resurgence of worm type viruses and specifically mentions one that targets MMO players -- Taterf. As a worm, Taterf attempts to divine the user's account name and password through keystroke logging, reading the active memory, and even injecting itself into the game client. Either way, by the end of it, you end up naked and goldless. Hrm, we wonder if Taterf has been masquerading itself as our last girlfriend.
Blizzard warns against buying gold
If it wasn't already obvious, Blizzard put together a page on their official website making clear their stance towards buying in-game gold, and have just recently given it another big push. To put it simply: don't. The page outlines what we at WoW.com have known for quite some time (hence our collective stance against buying gold) -- that gold buying harms other players. The site doesn't go into specifics other than to say that gold selling companies often acquire their gold through unscrupulous means. They sum up their statement by saying that "players who buy gold are supporting spamming, botting, and keylogging." Basically, if you're a gold buyer, you're part of the problem. No, seriously. Gold sellers acquire gold by hacking into other players' accounts, taking their gold, selling all their items, and sometimes maliciously deleting their characters. That gold you think some Asian spent hours farming in Nagrand or something is more likely to be some other player's hard-earned gold and the seller is just as likely to be some dude from Jersey. As tempting as buying gold may seem -- and I've read many arguments towards why people buy them -- the bottom line is that it is harmful to the game and you're not doing yourself any favors in the long run. Blizzard says that it "diminish(es) the gameplay experience," but that's putting it nicely. Gold selling and power leveling are against the EULA, anyway, so anybody who patronizes these services are in danger of getting banned. And if you don't believe in buying gold (go you!), protect yourself by getting an authenticator or reading up on account security.
