Hot Take Kaspersky Safe Money Bypass.

[Xeno1234]

 

[piquiteco]

@Xeno1234 This is nothing new, the only ones that really protect against keyloggers and screenshots are Comodo Secure Shopping, Bitdefender SafePay and SpyShelter itself, and perhaps more specifically against keyloggers is KeyScrambler.

 

[brambedkar59]

Taking nothing away from the test, it's a good one, but if malware is already running with Admin privileges you are done.

 

[harlan4096]

I think this test is irrelevant since probably that test app is located in Trusted group in Intrusion Prevention / Application Control, so...

 

[Xeno1234]

I think this test is irrelevant since probably that test app is located in Trusted group in Intrusion Prevention / Application Control, so...

Nope, it was in Low Restricted.

 

[Xeno1234]

@Xeno1234 This is nothing new, the only ones that really protect against keyloggers and screenshots are Comodo Secure Shopping, Bitdefender SafePay and SpyShelter itself, and perhaps more specifically against keyloggers is KeyScrambler.

Kaspersky themselves has said that Safe Money has advanced antikeylogger technology
However, am I at risk if I just use Kaspersky? Could I get keylogged, or would online sandboxes detect keyloggers as malware?

 

[_Vimaro_]

Hi everyone, just want to add to this topic:
- IMHO, Would be great if you share additional details of environment (i.e.: product settings); This, because you could use "Recommended settings"
- In your Kaspersky Technical Forum post, some user shared results of your tested Keylogger hash in Kaspersky Threat Intelligence Portal where the verdict for that application is "Not-A-Virus". According to Kaspersky Blog, this means: "Generally speaking, Kaspersky Internet Security associates “not-a-virus” with two types of applications: adware and riskware. Both types are not malicious by nature, so they cannot be called viruses. Still, users should know that they are installed; the applications may do something unwanted."
Source: Not-a-Virus: What is it?

 

[Xeno1234]

Hi everyone, just want to add to this topic:
- IMHO, Would be great if you share additional details of environment (i.e.: product settings); This, because you could use "Recommended settings"
- In your Kaspersky Technical Forum post, some user shared results of your tested Keylogger hash in Kaspersky Threat Intelligence Portal where the verdict for that application is "Not-A-Virus". According to Kaspersky Blog, this means: "Generally speaking, Kaspersky Internet Security associates “not-a-virus” with two types of applications: adware and riskware. Both types are not malicious by nature, so they cannot be called viruses. Still, users should know that they are installed; the applications may do something unwanted."
Source: Not-a-Virus: What is it?

Kaspersky has detected this testing tool as “Not a virus”. To run it, I turned off File AV - thus allowing me to execute it, and therefore keylog. This test is ment to show that Safe Money (which should stop keyloggers) in fact lets me keylog. This application was listed as trusted if you right click with KSN, but with the test it was placed in the low restricted group in HIPS.

In terms of changed settings, file AV was set to extreme, however it was disabled. Other than that, nothing was modified.

Finally, this was tested on my main pc, as the software isn’t malicious, it’s just for testing purposes.

 

[Sandbox Breaker]

That file with some obfuscation would bypass their sig. Plus some counter signing.

 

[Xeno1234]

That file with some obfuscation would bypass their sig. Plus some counter signing.

Obfuscation probably won’t work, speaking as it’s a heuristic detection, it’s local emulation. The code is executed, therefore the obfuscation is gone.

But your point stands, it could bypass File AV, therefore you don’t have that component to help you. That’s what the test is supposed to represent.

 

[Sandbox Breaker]

Obfuscation probably won’t work, speaking as it’s a heuristic detection, it’s local emulation. The code is executed, therefore the obfuscation is gone.

But your point stands, it could bypass File AV, therefore you don’t have that component to help you. That’s what the test is supposed to represent.

Yep. Well said.

 

[Xeno1234]

After further testing, I can conclude this
Without Safe Money, even with virtual keyboard, you are able to keylog.
With Safe Money, on anything applicable to Secure Keyboard Imput, the keys are only registered as "Y", therefore the keylogging is blocked.

 

[Brahman]

After further testing, I can conclude this
Without Safe Money, even with virtual keyboard, you are able to keylog.
With Safe Money, on anything applicable to Secure Keyboard Imput, the keys are only registered as "Y", therefore the keylogging is blocked.

can you test it again with KeyScrambler installed?

 

[piquiteco]

Kaspersky themselves has said that Safe Money has advanced antikeylogger technology

Yes, it's true that Kaspersky Safe Money has advanced anti-keylogger technology, but from what I saw in the video you used a SpyShelter security test tool which is a legitimate tool created by Datpol, so Kaspersky didn't alert you to it as a keylogger, malicious, virus or malware. So it's not a keylogger, it's just a keylogger simulator.

However, am I at risk if I just use Kaspersky? Could I get keylogged, or would online sandboxes detect keyloggers as malware?

No, you don't run any risk using Kaspersky, because it has application control and KSN and by itself is very effective, it's one of the first products to detect threats when they emerge. Don't worry about keyloggers, this niche software is a bit outdated these days, most AVs will detect and eliminate keyloggers.

VirusTotal

VirusTotal

www.virustotal.com

Spoiler