Comments
@dudeking I usually run Wireshark at random times just to see the network traffic on my laptop, especially before doing sensitive actions like accessing a production database. I just saw this retransmission to a new IP whenever I click a key and started investigating the payload and source.
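The habit described in that comment (watching outbound traffic before touching something sensitive) can be turned into a check rather than an eyeball test. The script below is an added example for this thread, not code from any commenter: it reads a packet summary in the column order `tshark -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport -e tcp.len` would print (that order, the local subnet and all thresholds are assumptions of this example), and flags any external host receiving a run of tiny payloads at human typing cadence, which is the signature of a keystroke-at-a-time exfil stream like the one the rant describes. The sample lines are constructed; the addresses are documentation ranges, not real hosts.

```python
"""Flag per-keystroke exfiltration in a tshark-style packet summary.

Expected columns (assumed order): time_relative  ip.src  ip.dst  tcp.dstport  tcp.len
"""
import ipaddress
from collections import defaultdict

# Constructed sample: one ordinary HTTPS exchange plus a stream of 1-byte
# sends to an unknown host on 6667 (plain IRC). Addresses are from RFC 5737 test ranges.
SAMPLE = """\
0.000  192.168.1.10  198.51.100.20  443  517
0.031  192.168.1.10  198.51.100.20  443  0
1.204  192.168.1.10  203.0.113.45   6667 1
1.388  192.168.1.10  203.0.113.45   6667 1
1.512  192.168.1.10  203.0.113.45   6667 1
1.701  192.168.1.10  203.0.113.45   6667 1
1.844  192.168.1.10  203.0.113.45   6667 1
2.003  192.168.1.10  203.0.113.45   6667 1
2.210  192.168.1.10  203.0.113.45   6667 1
2.377  192.168.1.10  203.0.113.45   6667 1
3.100  192.168.1.10  198.51.100.20  443  1380
"""

IRC_PORTS = {6667, 6697}   # plain and TLS IRC; the rant's sample used IRC for exfil
MAX_TINY_PAYLOAD = 8       # bytes: one keystroke plus a little framing (assumed threshold)
MIN_TINY_SENDS = 5         # how many tiny sends to one host before we alert (assumed)
MAX_GAP_SECONDS = 1.0      # gaps longer than this do not look like live typing (assumed)


def parse(text):
    """Parse summary lines into (time, src, dst, dstport, payload_len) tuples; skip malformed rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        t, src, dst, port, length = parts
        rows.append((float(t), src, dst, int(port), int(length)))
    return rows


def find_keystroke_beacons(rows, local_net="192.168.0.0/16"):
    """Return one alert per external (dst, port) that received a typing-cadence run of tiny payloads."""
    net = ipaddress.ip_network(local_net)
    streams = defaultdict(list)
    for t, src, dst, port, length in rows:
        outbound = ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) not in net
        if outbound and 0 < length <= MAX_TINY_PAYLOAD:
            streams[(dst, port)].append(t)

    alerts = []
    for (dst, port), times in streams.items():
        if len(times) < MIN_TINY_SENDS:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) <= MAX_GAP_SECONDS:
            alerts.append({
                "dst": dst,
                "port": port,
                "count": len(times),
                "avg_gap": round(sum(gaps) / len(gaps), 3),
                "irc_port": port in IRC_PORTS,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_keystroke_beacons(parse(SAMPLE)):
        print(alert)
```

On a real capture, feed the script the output of the tshark command above (tcp.len is the TCP payload length, so pure ACKs come out as 0 and are ignored). The thresholds are deliberately loose; a keylogger that batches keystrokes would need the payload ceiling raised and the cadence check relaxed.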
I actually don't know how long the keylogger might have been on it but I have reset all my passwords for most of my services. I usually don't work on the home laptop but this just scared me bad! I am very skeptical now.
You may upload the malware on sites like virustotal to find out if it is a known malware. It will even show connections like 'malware families' and other common software pieces it is accompanied with.
I hope you can find out more.
meowxiik: You could use Ghidra. It's software released by the NSA for reverse engineering. I'd be delighted to cooperate if you'd like!
@meowxiik Thank you so much for this suggestion. I have never heard of it but just saw its repo and it seems really helpful. I shall update after trying it out.
bols5978: Although not 100% conversant with the language you're using, I'm certainly aware that a major clusterfuck security breach occurred whilst you were innocently rat-tat-tatting away. Long ago, I remembered to go to Google when I saw an app I just *HAD* to have. I'd key in "devrant safe?" or, as I do now, "devrant malware", and I have saved my arse so many times. Funnily enough, whilst using Google Chrome to clean out some temp files, I followed their instructions. In Google Chrome settings there's a link to clean up your hard drive's files that are completely unnecessary. Now, being inside of Google Chrome already, I didn't think to ask about this clean-up tool. It cleaned up the hard drive all right, by destroying it. And people wonder why I'd rather read something by Dickens in all its wordiness than hold a conversation wit dem??? Good luck with your search on this. Didn't mean to hijack the OP's tale with one minor one of me own.
Gentoo with OpenRC.
-> no systemd
-> everything compiled from source
😉
However, I'd like to know whether ClamAV would have detected that thing. Do you have it installed?
@irene I haven't been successful in reverse engineering the binary so far. I am working on it and this will be the first place I'll post once I get it. The syslogs are also no longer available for that period, and the server shut down.
Some fucker installed a keylogger on my Ubuntu laptop at home and registered it as a systemd service. From Wireshark, it's sending each keystroke to a server in France using IRC. Tried accessing the server but the moron shut it down immediately. It's the last time I'm fucking installing code from prebuilt binaries. If I can't build it from source then fuck off, you sniffing cunt. I was about to log in to a database from that machine.
UPDATE: I found the actual file sending the keystrokes but it's binary. Anyone know how I can decode a binary file?
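The part of this story that is easy to check on any other box is the persistence: a keylogger that survives reboots by registering as a systemd service has to leave a unit file behind, and that unit has to point at a binary somewhere. The script below is an added example, not the OP's code or anything from the thread: it parses unit files and reports ExecStart targets that sit in home or temp directories, that sit outside the usual system binary directories, or (on Debian-family hosts, where `dpkg -S` is available) that no installed package owns, plus root services set to auto-restart. The two unit files embedded in it are constructed for the example; the directory lists are heuristics chosen here, not a standard.

```python
"""Audit systemd unit files for a dropped-in, non-packaged service binary."""
import os
import re
import shlex
import shutil
import subprocess
from collections import defaultdict

# Where a package-managed service binary normally lives (heuristic list, assumed here).
SYSTEM_BIN_DIRS = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/",
                   "/usr/lib/", "/lib/", "/usr/libexec/")
# Where a hand-dropped binary tends to end up (heuristic list, assumed here).
DROP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")

# Constructed sample units: one normal sshd unit, one that mimics the rant's scenario.
SAMPLE_UNITS = {
    "ssh.service": """[Unit]
Description=OpenBSD Secure Shell server
[Service]
ExecStart=/usr/sbin/sshd -D
Restart=on-failure
[Install]
WantedBy=multi-user.target
""",
    "sysupdate.service": """[Unit]
Description=system update helper
[Service]
ExecStart=/home/user/.cache/.sysupd --quiet
Restart=always
User=root
[Install]
WantedBy=multi-user.target
""",
}


def parse_unit(text):
    """Parse an INI-style unit file into {section: {key: [values]}} (keys may repeat)."""
    sections = defaultdict(lambda: defaultdict(list))
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.match(r"^\[(\w+)\]$", line)
        if m:
            current = m.group(1)
            continue
        if current and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()].append(value.strip())
    return sections


def exec_path(exec_start):
    """Program path from an ExecStart value, minus systemd's -, @, +, !, : prefixes."""
    argv = shlex.split(exec_start)
    return argv[0].lstrip("-@+!:") if argv else ""


def owned_by_package(path):
    """True/False per dpkg -S; None when dpkg is absent (non-Debian host), so no claim is made."""
    if shutil.which("dpkg") is None:
        return None
    rc = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True).returncode
    return rc == 0


def audit_unit(name, text):
    """Return human-readable findings for one unit file (empty list means nothing odd)."""
    svc = parse_unit(text).get("Service", {})
    findings = []
    for value in svc.get("ExecStart", []):
        path = exec_path(value)
        if path.startswith(DROP_DIRS):
            findings.append(f"{name}: ExecStart binary in user/temp path: {path}")
        elif not path.startswith(SYSTEM_BIN_DIRS):
            findings.append(f"{name}: ExecStart binary outside system dirs: {path}")
        if owned_by_package(path) is False:
            findings.append(f"{name}: {path} is not owned by any installed package")
    restart = svc.get("Restart", ["no"])[-1]
    if findings and restart in ("always", "on-failure") and svc.get("User", ["root"])[-1] == "root":
        findings.append(f"{name}: runs as root with Restart={restart}")
    return findings


def audit_all(units=SAMPLE_UNITS):
    """Audit a {filename: contents} mapping and return all findings."""
    out = []
    for name, text in units.items():
        out.extend(audit_unit(name, text))
    return out


def audit_directory(path="/etc/systemd/system"):
    """Audit every *.service file in a directory; for use on a real host."""
    units = {}
    for fn in sorted(os.listdir(path)):
        if fn.endswith(".service"):
            with open(os.path.join(path, fn), errors="replace") as fh:
                units[fn] = fh.read()
    return audit_all(units)


if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Running `audit_directory()` on a host covers the admin-managed unit directory; `/lib/systemd/system` and the per-user `~/.config/systemd/user` directory are worth the same pass, since a user-level unit needs no root to install and still comes back after login. The "not owned by any package" check is the one that would have caught the rant's case regardless of where the binary was placed.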
rant
keylogger