Does InterceptX protect end users from JavaScript keyloggers?

Hi,

InterceptX can detect an installed keylogger by signature or behavior, but what happens with a rogue website loading a keylogger using JavaScript?

Otherwise, what alternate protection layers could we add?

Thanks for your feedback!

  • Hi Milkyway Mike, 

    Your question is perfectly valid; however, "website loading a Keylogger using JavaScript" would be a broad statement. Would you have a specific example, sample website/code?

    Thanks,

    Vikas

  • In reply to Vikas:

    Hi Vikas,

    Thanks for your feedback.

    Forgive my curiosity and ignorance on the topic, but my question was triggered by this nice thread: https://nakedsecurity.sophos.com/2019/12/28/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness/. Therefore, I was questioning InterceptX efficiency on these kinds of threats.

    QUOTE:

    Importantly, keyloggers don’t always need to be implemented down at the operating system level, and they often don’t need administrative or root powers to hook themselves into the keystroke data stream.

    For example, JavaScript code inside your browser can monitor (and alter, if it wants) the flow of keystrokes as you browse, meaning that rogue JavaScript injected into a login page could, in theory, recognise and steal your usernames and passwords.

  • In reply to Mike__:

    Hi  

    Intercept X can detect most keyloggers with its machine learning algorithm. However, I would suggest that if you have any sample website/code, you submit the samples/files to Sophos Labs for review.

  • In reply to Mike__:

    Hi Mike,

    Thank you for sharing the background and some context, which is really useful for me to comment.

    Intercept X can be considered our last layer of defense against a "very new" piece of unauthorized code, something we intend to catch during run-time. We have many layers of protection before such code can even reach this stage: Deep Learning, Web Protection, Live Protection, HIPS, etc.

    Our scenario here is a piece of malicious JavaScript which might be loaded by a browser to steal credentials. I would not expect Intercept X to intervene because Sophos Anti-Virus would apprehend the malicious code and would not allow the website to render in the first place. Also, in instances of a legitimate website being compromised, we might even classify the entire URL as Mal/HTMLGen-*, hence protecting our users.

    That being said, if you come across any example code/URL, please feel free to get in touch with us and we'll take a deeper look. 

    Thanks,

    Vikas