Abstract
The current study evaluates the malware life cycle and develops a keylogger that can avoid Windows 10 security systems. To that end, we considered the requirements of the malware in order to create a keylogger. Afterward, we developed a customized and unpublished malware, to which we added as many features as necessary using the Python programming language. At the end of this process, the resulting executable program executes three main threads responsible for collecting the screenshots and keystrokes and for creating the backdoor in the infected system. Furthermore, we added the required methods to avoid the leading security tools used in Windows environments. Finally, we tested the resulting executable file on different websites as a proof of concept in a real scenario. As a result, the keylogger avoided Windows 10 firewalls, user account control, and the antivirus. Moreover, it gathered a significant amount of confidential information about user behavior, including even the credentials of the users, without the users noticing.
Acknowledgment
We want to thank the resources granted for developing the research project entitled “Detection and Mitigation of Social Engineering attacks applying Cognitive Security, Code: PIC-ESPE-2020-Social-Engineering.” The authors would also like to thank the financial support of the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) in the development of this study within the Project Grant GT-Cybersecurity.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Royo, Á.A., Rubio, M.S., Fuertes, W., Cuervo, M.C., Estrada, C.A., Toulkeridis, T. (2021). Malware Security Evasion Techniques: An Original Keylogger Implementation. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Ramalho Correia, A.M. (eds) Trends and Applications in Information Systems and Technologies. WorldCIST 2021. Advances in Intelligent Systems and Computing, vol 1365. Springer, Cham. https://doi.org/10.1007/978-3-030-72657-7_36
DOI: https://doi.org/10.1007/978-3-030-72657-7_36
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72656-0
Online ISBN: 978-3-030-72657-7
eBook Packages: Intelligent Technologies and Robotics (R0)