ReiKey is a free tool that scans for and detects keyloggers that install persistent keyboard “event taps” to intercept your keystrokes.
Good news for macOS users: a new open source tool dubbed ReiKey allows them to detect Mac keyloggers. The ReiKey app monitors the system for applications that install keyboard ‘event taps’, a mechanism for monitoring and filtering input events at several points within the system, in order to intercept keystrokes.
Event taps are added by both malicious applications and legitimate software to manage inputs provided by the user.
ReiKey was developed by the popular macOS expert and former NSA white hat hacker Patrick Wardle. The application is able to detect malicious code that uses the CoreGraphics framework's event taps.
According to Wardle, most macOS keyloggers rely on ‘event taps’ implemented in the CoreGraphics framework to capture keystrokes. For this reason, the expert developed the tool to detect any new event tap that is added to the system.
Note that the tool is effective only against keyloggers that install CoreGraphics keyboard “event taps”, but there are other ways to implement keylogging features.
“The majority of macOS malware that contains keylogger logic (to capture keypresses) does so via CoreGraphics ‘event taps.'” states the post published by Wardle.
“ReiKey was designed to detect such keyboard taps, alerting you anytime a new tap is installed. In other words its goal is generically detect (the most common type of) macOS keyloggers.”
The tool scans for existing keyboard “event taps” and alerts whenever a new keyboard event tap is activated.
The scan provides users with the following information:
the process that installed the keyboard event tap
the target of the event tap (which is normally global, for all processes)
the type of keyboard event tap; either “passive listener” or “active filter”
The scan results will also include legitimate entries, so users need to carefully analyze them.
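The three fields listed above can be read directly from CoreGraphics. The following C program is an added example, not ReiKey's own code: it enumerates installed event taps with `CGGetEventTapList` and prints the installer, target and type of each enabled keyboard tap. The helper names (`is_keyboard_tap`, `tap_type`, `tap_target`) are hypothetical, and the macOS part builds with `cc taps.c -framework ApplicationServices`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* CGEventType values from CGEventTypes.h: kCGEventKeyDown = 10, kCGEventKeyUp = 11 */
#define KEYBOARD_MASK ((1ULL << 10) | (1ULL << 11))

/* A tap is a keyboard tap if its events-of-interest mask covers key presses or releases. */
int is_keyboard_tap(uint64_t events_of_interest) {
    return (events_of_interest & KEYBOARD_MASK) != 0;
}

/* options: 1 = kCGEventTapOptionListenOnly, 0 = kCGEventTapOptionDefault (may alter or drop events) */
const char *tap_type(uint32_t options) {
    return options == 1 ? "passive listener" : "active filter";
}

/* Assumption: processBeingTapped is 0 for a tap that is not bound to one process. */
const char *tap_target(int32_t target_pid) {
    return target_pid == 0 ? "global" : "single process";
}

#ifdef __APPLE__
#include <ApplicationServices/ApplicationServices.h>

int main(void) {
    uint32_t count = 0;
    /* First call with a NULL list only returns the number of installed taps. */
    if (CGGetEventTapList(0, NULL, &count) != kCGErrorSuccess) return 1;
    if (count == 0) return 0;

    CGEventTapInformation *taps = calloc(count, sizeof *taps);
    if (taps == NULL) return 1;
    if (CGGetEventTapList(count, taps, &count) != kCGErrorSuccess) { free(taps); return 1; }

    for (uint32_t i = 0; i < count; i++) {
        /* Skip disabled taps and taps that never see key events (mouse-only, etc.). */
        if (!taps[i].enabled || !is_keyboard_tap(taps[i].eventsOfInterest)) continue;
        printf("tap %u: installed by pid %d, target %s (pid %d), %s\n",
               taps[i].eventTapID, (int)taps[i].tappingProcess,
               tap_target(taps[i].processBeingTapped),
               (int)taps[i].processBeingTapped, tap_type(taps[i].options));
    }
    free(taps);
    return 0;
}
#endif
```

Legitimate software shows up in this output too, so each reported PID still has to be resolved to its binary and reviewed.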
Wardle has already released ReiKey 1.1, which lets users instruct ReiKey to flag some specific applications, such as Apple's, as benign.
ReiKey doesn’t require special permissions to work.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute and The Hacker News Magazine, and for many other security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.