Kaspersky Safemoney Keylogger Bypass


I just downloaded the first testing tool I could find, and boom, it bypasses every single one of its protections despite being in Low Restricted.

try to type in a password input box,

try to type in a password input box via K's virtual keyboard.

 

SpyShelter may use a kernel driver to intercept your input under R0

that way an AV program can hardly do anything.

it is more important how to prevent a malicious driver from loading into the system kernel.

I have seen many times that K's PDM blocks malicious drivers from loading into the system (detection name is PDM:Suspicious.Driver.Installation.b.4). In your test, SS is a trusted program.

2 hours ago, JaffaCakes118 said:

The exe/tool you used in the video is detected by Kaspersky as a PUA/PUP, which means you added the file as an exclusion to even run it which you didn't even show in the video.

https://opentip.kaspersky.com/3A8DF906E3CA36FC2CE1C67EF949244D/results?tab=lookup

 

 

1 hour ago, Vimaro said:

Dear user,

Thanks for your message and test. The verdict for that application is "Not-A-Virus", we offer to you the following Kaspersky Blog article for more details about that verdict: https://www.kaspersky.com/blog/not-a-virus/18015/

Please don't hesitate to ask anything else you need.

I understand that it is detected, however no exclusions were made. I simply turned off File AV. This test was to simulate any keyloggers undetected by Kaspersky’s File AV, as any advanced attack can bypass static file analysis. 
 

This test isn’t to simulate a bypass with a specific software, it’s just to show that Safe Money is bypassed by a keylogger, which I believe isn’t kernel level nor uses drivers.

Edited by Xeno2ig
1 hour ago, Xeno2ig said:

I also must ask, does Kaspersky provide protection against Keyloggers, and am I safe using only Kaspersky against them?

Yes, you are protected.

Please be sure you have set our Kaspersky product as recommended in the following article: https://support.kaspersky.com/KIS/21.3/en-US/139728.htm

Edited by Vimaro
28 minutes ago, Vimaro said:

Yes, you are protected.

Please be sure you have set our Kaspersky product as recommended in the following article: https://support.kaspersky.com/KIS/21.3/en-US/139728.htm

I am currently using default settings besides Extreme File AV and default deny intrusion prevention. However, a keylogger “bypassed” advanced protection. How can I be protected from those?

11 hours ago, Xzz123 said:

try to type in a password input box,

try to type in a password input box via K's virtual keyboard.

 

SpyShelter may use a kernel driver to intercept your input under R0

that way an AV program can hardly do anything.

it is more important how to prevent a malicious driver from loading into the system kernel.

I have seen many times that K's PDM blocks malicious drivers from loading into the system (detection name is PDM:Suspicious.Driver.Installation.b.4). In your test, SS is a trusted program.

We have done this.

Without Safe Money, even using the virtual keyboard won't stop the keylogger.
With Safe Money, the keylogger only receives "y", regardless of what you type into it. Therefore, it does block the keylogger.

1 hour ago, Xeno2ig said:

Therefore, it does block the keylogger.

It looks good🙂

the max protection is that you type in a password input box via K's virtual keyboard in a Safe Money protected browser.

the password input box should be automatically identified by K and you will be suggested to use the virtual keyboard.

a small lock icon will be displayed beside the input box.

Strictly speaking, K has such functions

As for whether it achieves the design goal, it depends on your test results and how you understand the test results.

 
