Common Information
Type | Value |
---|---|
Value | Keylogging - T1417.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may log user keystrokes to intercept credentials or other information from the user as the user types them. Some methods of keylogging include: * Masquerading as a legitimate third-party keyboard to record user keystrokes.(Citation: Zeltser-Keyboard) On both Android and iOS, users must explicitly authorize the use of third-party keyboard apps. Users should be advised to use extreme caution before granting this authorization when it is requested. * Abusing accessibility features. On Android, adversaries may abuse accessibility features to record keystrokes by registering an `AccessibilityService` class, overriding the `onAccessibilityEvent` method, and listening for the `AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED` event type. The event object passed into the function will contain the data that the user typed. * Additional methods of keylogging may be possible if root access is available. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-15 | 0 | New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT | ||
Details | Website | 2024-10-15 | 0 | New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT - RedPacket Security | ||
Details | Website | 2024-10-15 | 1 | ErrorFather Hackers Attacking Android Users To Gain Remote Control | ||
Details | Website | 2024-10-15 | 0 | Cerberus Android Banking Trojan Deployed in New Malicious Campaign | ||
Details | Website | 2024-10-15 | 0 | Over 200 malicious apps on Google Play downloaded millions of times | ||
Details | Website | 2024-10-14 | 4 | New Cerberus Android Malware Variant Evades Security Tools: Cyble | ||
Details | Website | 2024-10-14 | 1 | TrickMo Malware Attacking Android Devices To Steal Unlock Patterns And PINs | ||
Details | Website | 2024-10-14 | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats | ||
Details | Website | 2024-10-14 | 0 | ColdRoot Malware | ||
Details | Website | 2024-10-14 | 21 | Threat Intelligence Report 8th October – 14th October | ||
Details | Website | 2024-10-12 | 0 | Exploring Cyber Threats: Malware Stealer and the Password Recovery Tool LockPick | ||
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples | ||
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium | ||
Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting | ||
Details | Website | 2024-10-10 | 17 | 2024-10-03 Amnesia Stealer Samples | ||
Details | Website | 2024-10-10 | 29 | Technical Analysis of DarkVision RAT | ||
Details | Website | 2024-10-10 | 36 | Technical Analysis of DarkVision RAT | ||
Details | Website | 2024-10-10 | 33 | Malware by the (Bit)Bucket: Uncovering AsyncRAT | ||
Details | Website | 2024-10-10 | 26 | Monthly Threat Actor Group Intelligence Report, August 2024 (KOR) | ||
Details | Website | 2024-10-10 | 26 | Monthly Threat Actor Group Intelligence Report, July 2024 (ENG) – Red Alert | ||
Details | Website | 2024-10-10 | 26 | Monthly Threat Actor Group Intelligence Report, August 2024 (KOR) – Red Alert | ||
Details | Website | 2024-10-10 | 18 | Technical Analysis of DarkVision RAT | ||
Details | Website | 2024-10-09 | 2 | N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware | ||
Details | Website | 2024-10-09 | 2 | N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting | ||
Details | Website | 2024-10-09 | 1 | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and… |