I use Keypass to store my passwords to various sites. Will keyloggers be
able to get the login information when we use the drag and drop procedure? How
about the password when we type to open the Keypass utility?
In this excerpt from
Answercast #13, I look at what keyloggers might be doing on your computer, how to protect your valuable information, and how to stay safe on the internet.
Become a Patron of Ask Leo! and go ad-free!
Keyloggers can do anything
If you have malware on your machine (and make no mistake about it,
keyloggers are malware), then the malware can do anything. I want to emphasize
We often talk about keyloggers and the answer is, “Absolutely!” If a
keylogger is only logging keystrokes, great… don’t use a keystroke and
chances are what you’re doing won’t be logged.
The problem is that oversimplifies a much larger problem.
People think they are safe because they’ve avoided this keystroke issue,
when in fact, they’re just as vulnerable as before because malware is more than
keyloggers. Malware can monitor whatever you do.
Malware can track you
So, for example, if you use drag and drop, what you’re really doing is using
a form of copy/paste. The important thing here is that if it’s written
properly, malware can insert itself into the drag and drop process and see what you’re
doing. Malware can certainly hook itself into whatever Keypass uses when it’s
accepting the password from you.
So, absolutely, malware can certainly record the password that you type
into Keypass or any other password vault.
What is being recorded?
People have talked about using onscreen keyboards. They’ve used scrambling
software. They’ve used all sorts of things.
- And absolutely, if the malware is only recording keystrokes, and you don’t
use keystrokes, it’s not going to be recorded.
But how do you know? The malware could easily be taking a screen shot; they
could be monitoring other things in addition to keystrokes. You simply don’t
know that you’re safe.
Protect yourself from all malware
Do not assume that if you’ve protected yourself from keyloggers; you’ve
actually protected yourself.
You must make sure that you’re protecting yourself from all forms of
malware before you can start to consider yourself even close to safe when it
comes to this kind of hacking or malware intrusion.
End of Answercast #13 Back to – Audio Segment