Kaspersky Safemoney Keylogger Bypass

[Guest]

I just downloaded the first testing tool I could find, and boom, it bypasses every single one of its protections despite being in Low Restricted.

[Xzz123]

try to type in a password input box,

try to type in password input box via K‘s virtual keyboard.

 

SpyShelter may use kernel driver to intercept your input under R0

that way an AV program can hardly do anything.

it is more important how to prevent a malicious driver from loading into system kernel.

I have seen many times that K's PDM block malicious driver load into system. (detection name is PDM:Suspicious.Driver.Installation.b.4)~in your test, SS is a trusted program.

[JaffaCakes118]

The exe/tool you used in the video is detected by Kaspersky as a PUA/PUP, which means you added the file as an exclusion to even run it which you didn't even show in the video.

https://opentip.kaspersky.com/3A8DF906E3CA36FC2CE1C67EF949244D/results?tab=lookup

 

[Vimaro]

Dear user,

Thanks for your message and test. The verdict for that application is "Not-A-Virus", we offer to you the following Kaspersky Blog article for more details about that verdict: https://www.kaspersky.com/blog/not-a-virus/18015/

Please don't hesitate to ask anything else you need.

[Guest]

2 hours ago, JaffaCakes118 said:

The exe/tool you used in the video is detected by Kaspersky as a PUA/PUP, which means you added the file as an exclusion to even run it which you didn't even show in the video.

https://opentip.kaspersky.com/3A8DF906E3CA36FC2CE1C67EF949244D/results?tab=lookup

 

 

1 hour ago, Vimaro said:

Dear user,

Thanks for your message and test. The verdict for that application is "Not-A-Virus", we offer to you the following Kaspersky Blog article for more details about that verdict: https://www.kaspersky.com/blog/not-a-virus/18015/

Please don't hesitate to ask anything else you need.

I understand that it is detected, however no exclusions were made. I simply turned off File AV. This test was to simulate any keyloggers undetected by Kaspersky’s File AV, as any advanced attack can bypass static file analysis. 
 

This test isn’t to simulate a bypass with a specific software, it’s just to show that Safe Money is bypassed by a Keyloggers, which I believe isn’t kernel level nor uses Drivers.

Edited August 25, 2023 by Xeno2ig

[Guest]

I also must ask, does Kaspersky provide protection against Keyloggers, and am I safe using only Kaspersky against them?

[Vimaro]

1 hour ago, Xeno2ig said:

I also must ask, does Kaspersky provide protection against Keyloggers, and am I safe using only Kaspersky against them?

Yes, you are protected.

Please be sure you have set our Kaspersky product as recommended in following article: https://support.kaspersky.com/KIS/21.3/en-US/139728.htm

 

Edited August 25, 2023 by Vimaro

[Guest]

28 minutes ago, Vimaro said:

Yes, you are protected.

Please be sure you have set our Kaspersky product as recommended in following article: https://support.kaspersky.com/KIS/21.3/en-US/139728.htm

 

I am currently using default settings besides Extreme File AV and default deny intrusion prevention. However, a keylogger “bypassed” advanced protection. How can I be protected from those?

[Guest]

11 hours ago, Xzz123 said:

try to type in a password input box,

try to type in password input box via K‘s virtual keyboard.

 

SpyShelter may use kernel driver to intercept your input under R0

that way an AV program can hardly do anything.

it is more important how to prevent a malicious driver from loading into system kernel.

I have seen many times that K's PDM block malicious driver load into system. (detection name is PDM:Suspicious.Driver.Installation.b.4)~in your test, SS is a trusted program.

 We have done this.

Without Safe Money, using even virutal keyboard wont stop the keylogger.
With Safe Money, the keylogger only recieves "y", regardless of what you type into it. Therefore, it does block the keylogger.

[Xzz123]

1 hour ago, Xeno2ig said:

Therefore, it does block the keylogger.

It looks good🙂

the max protection is that you type in a password input box via K‘s virtual keyboard in safe-money protected broswer.

the password input box should be automaticly indentified by K and you will be suggested to use the virtual keyboard.

a small lock icon will be displayed beside the input box.

[Guest]

And just to confirm, kaspersky stops Keyloggers, right?

[Xzz123]

Strictly speaking, K has such functions

As for whether it achieves the design goal, it depends on your test results and how you understand the test results.