Common Information
Type | Value |
---|---|
Value | Keylogging - T1417.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may log user keystrokes to intercept credentials or other information from the user as the user types them. Some methods of keylogging include: * Masquerading as a legitimate third-party keyboard to record user keystrokes. (Citation: Zeltser-Keyboard) On both Android and iOS, users must explicitly authorize the use of third-party keyboard apps. Users should be advised to use extreme caution before granting this authorization when it is requested. * Abusing accessibility features. On Android, adversaries may abuse accessibility features to record keystrokes by registering an `AccessibilityService` class, overriding the `onAccessibilityEvent` method, and listening for the `AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED` event type. The event object passed into the function will contain the data that the user typed. * Additional methods of keylogging may be possible if root access is available. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-09 | 1199 | RST TI Report Digest: 09 Sep 2024 | ||
Details | Website | 2024-09-09 | 33 | Threat Intelligence Report 3rd September – 9th September 2024 | ||
Details | Website | 2024-09-08 | 0 | New RAMBO attack steals data using RAM in air-gapped computers | ||
Details | Website | 2024-09-08 | 0 | Week 9 In Malware Analysis Fundamentals Workshop | ||
Details | Website | 2024-09-07 | 0 | New RAMBO attack steals data using RAM in air-gapped computers | ||
Details | Website | 2024-09-05 | 39 | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar | ||
Details | Website | 2024-09-05 | 4 | Cyber Briefing: 2024.09.05 | ||
Details | Website | 2024-09-05 | 2 | HOW TO PREVENT LATERAL MOVEMENT IN A NETWORK | ||
Details | Website | 2024-09-05 | 73 | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar | ||
Details | Website | 2024-09-04 | 2 | Demonstrating a simple XSS attack using a python script | ||
Details | Website | 2024-09-04 | 8 | North Korean Hackers Targets Job Seekers with Fake FreeConference App | ||
Details | Website | 2024-09-04 | 8 | North Korean Hackers Targets Job Seekers with Fake FreeConference App | ||
Details | Website | 2024-09-04 | 8 | North Korean Hackers Targets Job Seekers with Fake FreeConference App - RedPacket Security | ||
Details | Website | 2024-09-04 | 36 | The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government - Cyble | ||
Details | Website | 2024-09-04 | 0 | Today’s Top Cyber Intelligence Highlights — Sep 04, 2024 | ||
Details | Website | 2024-09-04 | 1 | Meterpreter: the ultimate command guide for hackers | ||
Details | Website | 2024-09-03 | 20 | Trojan:Win64/Reflo.HNS!MTB Virus Analysis & Removal Guide– Gridinsoft Blog | ||
Details | Website | 2024-09-03 | 4 | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users | ||
Details | Website | 2024-09-03 | 4 | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users - RedPacket Security | ||
Details | Website | 2024-09-02 | 15 | CYFIRMA RESEARCH : POWERSHELL KEYLOGGER - CYFIRMA | ||
Details | Website | 2024-09-02 | 456 | RST TI Report Digest: 02 Sep 2024 | ||
Details | Website | 2024-09-02 | 28 | Threat Intelligence Report 27th August – 2nd September 2024 | ||
Details | Website | 2024-09-01 | 2 | SCENARIO: Exploitation of ScreenConnect Authentication Bypass Vulnerability (CVE-2024–1709 &… | ||
Details | Website | 2024-08-29 | 24 | Monthly Threat Actor Group Intelligence Report, July 2024 (KOR) – Red Alert | ||
Details | Website | 2024-08-28 | 6 | Rocinante: The trojan horse that wanted to fly |