Notorious Trojan Now Targets Password Managers


hawkshod (Estimable), Nov 20, 2014:
With Keepass, you can enable a setting to "enter masterkey on secure desktop". Would the secure desktop environment prevent the keylogger from capturing information?
 

ChronosVRdS (Estimable), Oct 21, 2014:
> With Keepass, you can enable a setting to "enter masterkey on secure desktop". Would the secure desktop environment prevent the keylogger from capturing information?

I'm asking myself the same thing, but it all depends on how the malware attacks.
 

Evervision (Distinguished), Dec 31, 2007:
> With Keepass, you can enable a setting to "enter masterkey on secure desktop". Would the secure desktop environment prevent the keylogger from capturing information?

This has been asked before (http://sourceforge.net/p/keepass/discussion/329220/thread/c9fad8b7/); supposedly it helps, but the general security standpoint is:

If someone has control of your machine, it is no longer your machine and no program can defend against them.
 

lfkfkfkffs (Estimable), Apr 2, 2014:
This is what I would do if you use any programs like this. The whole thing with these key chain things is so you can have just one master key that maybe you write down somewhere, then lock away in your safe, and then use some random generator to make a mix of letters, numbers and symbols if allowed, then allowing you to decrypt with your private key. Now my advice would be this: write down or screenshot your passwords from the key chains, then completely wipe it off your PC, then install something to encrypt your keystrokes on websites etc., so when that virus beacons back to base all that they get is scrambled monkey-like letters and numbers with no real value. I would recommend downloading http://www.qfxsoftware.com/

Then, knowing that you are not infected, do something like install a sandbox. Now a sandbox won't protect you if you are already infected, but say you go to bad website X and it drops the payload on your machine; well, it won't be able to do anything outside of the sandbox because it will be blocked off, so I recommend if you use any of these, use a sandboxed web browser, and wipe the contents of that box daily.

Another thing you can do is something simple like installing a virtual keyboard, not the one included in Windows. Good ones will encrypt your data, making it 99% effective against an attacker. There is a more in-depth guide here: https://www.raymond.cc/blog/how-to-beat-keyloggers-to-protect-your-identity/ This link also will provide the information on where to download.

The last two things I would like to add are: just disable JavaScript, and slowly add those trusts back on the websites you go to a lot. At first you might be bothered by doing this, but after a week you will be integrated into it enough that it won't cause any more need to enable. 2nd is WOT, or Web of Trust; it is a free app for Chrome that simply gives reviews and experiences that other people have had or reported about the website. It works like a traffic light: green means go right ahead, yellow means proceed with caution, not 100% safe, red means don't load the page at all. Also, most real-time protection from AV software will help you against most websites that try to drop payloads on your machine.

Just wanted to toss that out there, just an infosec nerd with some free time. Enjoy, hope it helped someone.
 

antilycus (Distinguished), Jun 1, 2006:
Key loggers typically grab the IO scheduler, so in theory, pending HOW the information is stored within the program, the "auto log in" feature should prevent a keylogger from grabbing data. I also recommend now using a single sign-on / master password program. I use passpack.com, which has dual authentication.
 

lfkfkfkffs (Estimable), Apr 2, 2014:
I really wouldn't worry too much about the virus; the servers got seized in 2013 and the equipment is locked wherever the FBI took it. The only variant atm is Zeus, which is even more sophisticated. The unpacked review of the virus is here: https://blog.malwarebytes.org/intelligence/2014/02/how-to-unpack-a-self-injecting-citadel-trojan/ It has a lot of the same source code as Zeus. My honest opinion would be just to install CryptoPrevent from https://www.foolishit.com/vb6-projects/cryptoprevent/ It won't stop the virus from infecting you, but it will prevent the encrypting part which holds your computer for ransom. I just would uninstall any key chains and use only a sandboxed web browser if you are really worried. Server is seized = don't worry about the attackers getting your data.
 

ronintexas (Honorable), Dec 10, 2012:
I use LastPass - and you must use two factor authentication to gain access to my passwords - one is the "master password" - but that is useless unless you have the second factor - a chart that I have printed on my desktop. Unless the program can reach through my monitor and read my chart....the master password is useless....
 

daddywalter (Distinguished), May 21, 2011:
I use a password manager, but I also use an anti-malware suite that (among other things) scans and warns me of keyloggers. Several of the paid suites do this; I don't know if any of the free ones include this feature. And no, I can't claim to know just how effective the suite I use actually is. All I know is that I was the victim of online credit/debit card thefts before I switched to it from a free "solution"; since then I have not been _successfully_ hacked, although the software reports on the attempts it has blocked.

I won't mention the particular anti-malware suite by name because, frankly, I don't want to "challenge" anyone to find a way around it. (And because I'm not a shill for the publisher.) I encourage everyone to do their own homework, decide on whichever software solution best suits their needs, and _use_ it!
 

Nerdtopia (Estimable), Nov 19, 2014:
I'd recommend not using any password managers because most of them are really vulnerable (I have experience coding malware), and anti-malware won't save you from a FUD stub, unless the coder is an idiot and didn't crypt it.
 