6/22/2023

ReiKey macOS

Called ReiKey, the app can scan and monitor for software that installs keyboard event taps to intercept keystrokes.

Event taps allow monitoring and filtering input events, like keyboard presses, before they pass to a foreground application.

Talks and slides from the conference’s first edition are available here.

macOS users have a new open source tool to help them identify generic keyloggers on their system.

Wardle is also the man behind the Objective by the Sea conference, one of the few security conferences focused on Mac malware. Other free Mac security apps that Wardle has released in the past under this brand include LuLu (firewall), Do Not Disturb (evil maid protection), KnockKnock (detection of persistently installed Mac software), RansomWhere (ransomware detection and protection), OverSight (detection of Mac malware that records audio and video sessions), and many more. ReiKey is just the latest app released under the Objective-See brand of Mac security and privacy apps.

Nonetheless, because it’s a free app, it’s a solid alternative for Mac users who can’t afford a full-blown antivirus. Users should be aware that ReiKey doesn’t detect all types of macOS keyloggers, as some of these might be using other methods for recording keystrokes.

Screenshots of these features and more are available below:

Users can trigger the on-demand all-system scan from the ReiKey icon (by clicking the “Scan…” option), or they can use ReiKey from the command-line. If an app installs an event tap without an apparent reason to do so, then the user should either look into the app’s features for an explanation or consider using an alternative app.

By default, ReiKey runs all the time in the OS’ background and listens for newly registered event taps, but it can also scan a system on demand for any processes that have already installed a CoreGraphics keyboard event tap.
However, very few macOS apps tend to use event taps, and ReiKey is the perfect app to have your back when installing new or never-before-used apps. In some cases, these notifications will be false positives, as some apps with accessibility features, or apps that respond to various keyboard commands, will also use CoreGraphics event taps to respond to user input.

When ReiKey detects any app that registers a new CoreGraphics event tap, it shows a popup notification with information about the suspicious process that created it, so that the user can look into it and determine whether it originated from a legitimate or malicious process. Wardle’s app works by continuously scanning the operating system for newly registered CoreGraphics event taps. ReiKey was specifically created to work around this common keylogger design pattern.

“The majority of macOS malware that contains keylogger logic (to capture keypresses) does so via CoreGraphics ‘event taps’,” said Wardle.

Wardle created and released the new app, named ReiKey, towards the end of 2018, as the researcher started looking into the inner workings of macOS keyloggers.

Patrick Wardle, a former NSA hacker who in recent years has become the de-facto expert on everything Mac malware, has created and released a Mac app that can detect certain types of macOS keyloggers.
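The on-demand scan described above can be approximated with the public CoreGraphics call `CGGetEventTapList`. The following is an added example, not ReiKey's own code: it lists enabled event taps that subscribe to keyboard events and resolves the owning process path so the user can judge whether the tap is expected. The file name, build line and helper name are assumptions.

```objective-c
// Added example (not from ReiKey). Assumed build line:
//   clang list_key_taps.m -framework ApplicationServices -o list_key_taps
#import <ApplicationServices/ApplicationServices.h>
#import <libproc.h>
#import <stdio.h>
#import <stdlib.h>

// Hypothetical helper: resolve a pid to its executable path for triage.
static void path_for_pid(pid_t pid, char *buf, uint32_t len) {
    if (proc_pidpath(pid, buf, len) <= 0) snprintf(buf, len, "<unknown>");
}

int main(void) {
    // Event types a tap must subscribe to in order to observe typing.
    const CGEventMask keyboardMask = CGEventMaskBit(kCGEventKeyDown) |
                                     CGEventMaskBit(kCGEventKeyUp) |
                                     CGEventMaskBit(kCGEventFlagsChanged);
    uint32_t count = 0;
    // With a NULL list the call only reports how many taps are installed.
    if (CGGetEventTapList(0, NULL, &count) != kCGErrorSuccess) return 1;
    if (count == 0) { puts("no event taps installed"); return 0; }

    CGEventTapInformation *taps = calloc(count, sizeof(*taps));
    if (taps == NULL) return 1;
    if (CGGetEventTapList(count, taps, &count) != kCGErrorSuccess) {
        free(taps);
        return 1;
    }

    for (uint32_t i = 0; i < count; i++) {
        const CGEventTapInformation *t = &taps[i];
        // Skip disabled taps and taps that never see keyboard events.
        if (!t->enabled || (t->eventsOfInterest & keyboardMask) == 0) continue;

        char owner[PROC_PIDPATHINFO_MAXSIZE];
        path_for_pid(t->tappingProcess, owner, sizeof(owner));

        // processBeingTapped is 0 when the tap is not bound to one process.
        printf("tap %u: pid %d (%s)\n", t->eventTapID,
               (int)t->tappingProcess, owner);
        printf("  target: %s, mode: %s\n",
               t->processBeingTapped == 0 ? "all processes" : "single process",
               t->options == kCGEventTapOptionListenOnly ? "listen-only"
                                                         : "active filter");
    }
    free(taps);
    return 0;
}
```

A hit is only a lead for review: as the article notes, accessibility and hotkey utilities install the same kind of tap, so the owning path is what the user has to evaluate.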