Firefox Keylogger

[Nichele Seibel]

Akeylogger, also known as a keystroke logger, is a software program or hardware device that is used to monitor and log each of the keys a user types on his/her keyboard. It is a type of surveillance software that has the capability of recording each and every keystroke and making a log file of them.

A software-based keylogger doesn't require physical access to the victim's computer. It can be easily downloaded from the Internet for the purpose of spying activity on a particular system. It can be also installed on a system unwillingly as a spyware and executed as a part of a remote administration tool, which is also known as a Trojan. Basically, a keylogger program has two files, DLL (dynamic link library) and EXE (executable). These two files are installed in the same directory; the DLL file records all keystrokes and the EXE file helps to install the DLL file trigger. After being successfully installed, the program starts making a log of all keystrokes and uploads the data over the Internet to whoever installed the program. Keyloggers often run in a stealth mode and they usually don't sit in the systems tray. They also hide the program from the task menu within windows files.

A keylogger has some advantages, also; in the corporate world, keyloggers are often used to monitor employees' activities when they use the company's computer. Keyloggers are also helpful in the home, monitoring the online activities of children.

In this tutorial I am going to show you a different kind of keylogger, which works on the Mozilla Firefox browser. Basically we will create a Firefox add-on that works as a keylogger and sends the logs in the server.

First download the source code of keylogger from here: -KL.tar.gz. I suggest you to use the Linux operating system. After downloading the source code extract the file and we get some files and folder like this:

In the figure above, we see that we can make some simple changes here, such as renaming the name of add-on to "Ad Blocker," because the users will believe this add-on and will readily install it on their browsers.

We can see here we uploaded our key_strokes.php file to the server; now, after uploading the file, we will have a URL for this uploaded file in this format yourdomainname.com/key_strokes.php. So here is mine: _strokes.php.

Now there is another folder named chrome in the keylogger source code folder. Inside the chrome folder is another folder named content, which contains a XUL file named remote_keylogger.XUL . We have to do some minor editing in this file, so open the file.

We can see that our "Ad Blocker" is successfully installed. Let us see if it is working or not. Go to Google and type anything you want; for example, here I am typing in Google search "let us try some hacking..our keylogger is working or not."

Warlock works as a Information Security Professional. He has quite a few global certifications to his name such as CEH, CHFI, OSCP and ISO 27001 Lead Implementer. He has experience in penetration testing, social engineering, password cracking and malware obfuscation. He is also involved with various organizations to help them in strengthening the security of their applications and infrastructure.

Keyloggers are one of the most dangerous types of malware, as hackers can use these programs to monitor exactly what you are typing. This can be catastrophic for your business if your login details or banking passwords are intercepted. Early versions of the Firefox browser contained a potential keylogger flaw that made it a tempting target for hackers. If you use this browser in your business, it is important to make sure it is secured against the threat of keyloggers.

Firewall and anti-malware software must be kept up to date and should start automatically when your computer boots to safeguard against keyloggers. Even if your malware scanner does not pick up a keylogger, your firewall will prevent any data captured from being transmitted to a hacker. Set your firewall to alert you as soon as any program attempts to make an outgoing connection. Since keyloggers need to connect to the Internet to send the data to a remote hacker, your firewall will block this outgoing connection.

A wide variety of useful add-ons and extensions are available for Firefox that can enhance your browsing experience; however, these add-ons also make it easy for hackers to install keyloggers. Click the "Firefox" button at the top left corner of the browser and then click "Add-ons" to view a list of extensions and plugins currently installed. Click the "Disable" or "Remove" button next to any keyloggers or suspicious add-ons. In the future, never install add-ons from untrusted sources.

Another method to safeguard Firefox against the threat of keyloggers is to use keystroke encryption software, which encrypts keystrokes as you type and decrypts them as they reach the application. You'll see no difference, but the keystrokes that might be monitored by a keylogger will appear as gibberish. Firefox add-ons like Keylogger Beater (link in Resources) display a "virtual keyboard" you can use to enter sensitive information via your mouse instead of keystrokes. Others, such as KeyScrambler Personal (link in Resources), encrypt everything you type into your browser, making it undecipherable to keyloggers.

Hackers are always looking for ways to exploit security vulnerabilities in Firefox, so it is important to keep your browser up to date. Mozilla regularly releases updates as exploits are discovered. The default configuration for Firefox automatically checks for new updates and notifies you when they're available. You must restart the browser for these updates to take effect. Use the plugins check page (link in Resources) to ensure that all of your plugins are also up to date and secure.

Software programs downloaded illegally from the Internet typically require program modifications, called "cracks," or keys to run. Hackers commonly use these cracks to install a keylogger on your system. When you run the crack, it activates the keylogger as well, which is installed on your PC without your knowledge. Avoid using peer-to-peer file-sharing networks where these types of files proliferate. Furthermore, never be fooled into clicking suspicious email attachments, as this is another method used by hackers to install keyloggers on your computer.

Virtually growing up in a computer repair shop, Naomi Bolton has held a passion for as long as she can remember. After earning a diploma through a four year course in graphic design from Cibap College, Bolton launched her own photography business. Her work has been featured on Blinklist, Gameramble and many others.

Restarting FF sorts it for a while. The reason I suspect keyboard protection: w/out restarting FF I can toggle that off and the problem is fixed. What I haven't tested is to leave keyboard protection OFF permanently to see if the issue occurs. Would rather leave protection ON.

Nothing else like that running that I'm aware of. The FF privacy add-ons I'm using are Ublock Origin, Adblocker Ultimate, and Privacy badger. A quick look at their settings doesn't turn up an anti-keylogger option, but perhaps I'm missing something.

Caught it messing up again and launched the log collector. I have some general privacy concerns about some of the logs - without really digging in to see what they include. Can you suggest what's necessary in the report and what can be omitted?

Another solution here is if this issue is not add-on related is to disable the Secure all browsers option in B&PP settings. When you wish to conduct a web based financial transaction, open B&PP secured browser via Eset desktop icon option.

It is logical to assume that if keystroke interception was occurring, it would interfere with B&PP key scrambling activities. Namely, the re-translation of scrambled key characters to their original form.

Someone posted recently a screenshot of Lenovo software performing outbound Internet activity and Eset issues with blocking that activity: -interactive-firewall-cannot-block-lenovo-vantage/?do=findComment&comment=175158 .

What caught my attention on the screenshot was something called Lenovo keyboard utility. Checking that out further yields this: -lenovo-utility-for-windows-10-64-bit-notebook . If like software from Lenevo is installed on your device, it could be conflicting with B&PP anti-keylogger protection. You can temporarily uninstall that software and see if that resolves your issue with B&PP keylogger protection.

Same problem, but on the gmail.com website. Composing emails works correctly, but when I download a PDF file and save it as in another location on the network, I have the problem with the keyboard. The only solution is to disable the Eset keyboard protection. In Firefox, even if I have the keyboard protect option activated, everything works fine, it only happens to me in Chrome (latest version as of today). I only have the uBlock Origin extension.

I'm talking about incompatibility with apps like this one: -keyboard.html which is used by a lot of people in my region. ESET is not compatible with this app. An ESET staff on this forum told me that ESET will work to make it compatible but that was a while ago. Nothing has changed so far. I think ESET should add apps like this to the incompatible list.

3a8082e126