Does Malwarebytes report all keyloggers ?

[exile360]

On 1/19/2018 at 3:01 PM, David H. Lipman said:

Actually Samuel ( exile360 ) is a former Malwarebytes employee.  But not as a Malware Researcher.  I was also a Malwarebytes employee but I was a Malware Researcher.

Keyloggers are in a class of software that is greyware and it is not a Black and white case.  Malwarebytes stance is appropriate.

Everyone has their "opinions" on greyware and HackTools.

That is a very valid point regarding hacktools and greyware in general.  That said, keyloggers specifically should always be technically classified as spyware, however that does not necessarily categorize them as malware by default/under all circumstances.  While spyware may, and often is in fact considered a sub-category of malware, not all spyware is all that malicious (same goes for some other categories such as adware) so if Malwarebytes were specifically an antispyware application I'd expect more strict blanketed targeting of all forms of keyloggers (legit or not), however since it is an antimalware app, a more generalized form of protection, some exceptions and differences in classifications are at least somewhat understandable (though I might then make the argument that one might seek additional protection to further augment the protection afforded by Malwarebytes to shore up such 'gaps' in protection).

Either way, at least the worst of them are being targeted such as those used by banker Trojans and the like where the intent is definitely malicious.  Those really are the most serious threats, though one still might be concerned about cases where others who've gained access to a system might have installed a legit keylogger for illegitimate purposes and want to take steps to better protect themselves/their endpoints from such potential threats (thinking corporate espionage etc. here as well as things like disgruntled exes and other similar scenarios where an 'internal' threat might exist).

[biomembrain]

On 1/24/2018 at 10:10 PM, exile360 said:

That is a very valid point regarding hacktools and greyware in general.  That said, keyloggers specifically should always be technically classified as spyware, however that does not necessarily categorize them as malware by default/under all circumstances.  While spyware may, and often is in fact considered a sub-category of malware, not all spyware is all that malicious (same goes for some other categories such as adware) so if Malwarebytes were specifically an antispyware application I'd expect more strict blanketed targeting of all forms of keyloggers (legit or not), however since it is an antimalware app, a more generalized form of protection, some exceptions and differences in classifications are at least somewhat understandable (though I might then make the argument that one might seek additional protection to further augment the protection afforded by Malwarebytes to shore up such 'gaps' in protection).

Either way, at least the worst of them are being targeted such as those used by banker Trojans and the like where the intent is definitely malicious.  Those really are the most serious threats, though one still might be concerned about cases where others who've gained access to a system might have installed a legit keylogger for illegitimate purposes and want to take steps to better protect themselves/their endpoints from such potential threats (thinking corporate espionage etc. here as well as things like disgruntled exes and other similar scenarios where an 'internal' threat might exist).

I agree Exile360

Why do we underestimate Keyloggers in general? No one really talks about them anymore, and everyone just talks about Ransomware, and other Malicious Browser Extensions.

Keyloggers can literally hurt someone, very very badly. If someone implanted, or someone didn't know about a 'legitmate' keylogger, that is on their device, they could get blackmailed / can break anonymity in general if the common man is yearning for it. Even though people should never never use Windows 10 as a OS for anonymity, people do it anyway and we still make Privacy apps for it.

Qubes OS has it's own virtual machine for its keyboard. At least that is what I heard from a Cyber Security course. I really like this concept because it isolates it from the rest of the system processes.

Edited January 27, 2018 by biomembrain

[exile360]

8 hours ago, biomembrain said:

Why do we underestimate Keyloggers in general? No one really talks about them anymore, and everyone just talks about Ransomware, and other Malicious Browser Extensions.

It's mainly because those other categories of threats are far more common these days.  Malicious keyloggers aren't seen live in the wild too frequently at the moment (though I do suspect that once vendors begin to dig more deeply into the corporate/government/infrastructure space where APTs reign supreme that this trend will shift dramatically as APTs are more often than not designed NOT to display any obvious symptoms of infection and to take control of and/or exfiltrate data from the systems/networks they infect, unlike the more common threats like ransomers and the like whose primary goal is extortion).  Screencap malware is another similar category of threat which is often found alongside malicious keyloggers and might also be something we see more prominently once researchers begin tracking more APT type attacks/threats.  The same goes for more obscure/obfuscated worms as well as less frequently seen/more specialized/targeted types of exploits, some or all of which may or may not already be covered by existing anti-exploit tech in most current security applications (for example, the SMB vulnerability leveraged by WannaCry that caught a lot of vendors off guard as it spread through networks across Europe and elsewhere).