Screenlogging malware can log swipe gestures on your mobile

Pierluigi Paganini February 04, 2014

Security researcher Neal Hindocha has developed a Screenlogging malware that logs finger swipes on smart devices in combination with taking screenshots.

Pattern lock are not enough to protect our Smartphone because  hackers are able to log swipe gestures with a malware. The news was reported by Forbes, Neal Hindocha, a senior security consultant for Trustwave, has designed a Screenlogging malware that can monitor finger swipes on smart devices in combination with taking screenshots, painting a picture of exactly how the user is interacting with their phone or tablet.

screenlogging_malware

Hindocha is planning to demonstrate his Screenlogging malware at the upcoming RSA Security.
The security expert has developed a prototype malware that reproduces a behavior similar to classic keylogger  software, Screenlogging malware

 , this is the name assigned to the application, in fact

records the input typed into the keyboard and it is able to intercept users’ passwords for email, social media and any other service. 

Recording touch screen coordinates “has a certain value in itself,” “If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered.” “The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.” Hindocha says.

The Screenlogging malware  monitors the inputs taped and swiped on the screen recording the X and Y coordinates where the user has touched the screen, the data are then used to so a hacker would know what the user is doing and on which application.

There are a series of limitations for the current version of Screenlogging malware,  it needs the administrative privileges of host device for the execution, this means that he works on rooted Android devices and jailbroken iOS, and to install the malicious code the victim’s device should be connected to a computer via USB cable.
Both limitations could be bypassed in future version, that’s why security experts consider the POC for Screenlogging malware really interesting.
Try to image the application in the wrong hands!
(Security Affairs –  Screenlogging malware, mobile)


you might also like

leave a comment