A browser-based keylogger usually comes in the form of a browser extension. It logs any or specific data entered anywhere in the browser. The problem is that they do not get caught by the system's antivirus. Is there any way to stay safe from them?
-
4Well, the starting point would be to ensure that you don't install unwanted extensions. Definitely don't install untrusted extensions. Having said that, Form fillers can be useful in some cases: en.wikipedia.org/wiki/…– LimitCommented Dec 11, 2016 at 20:55
-
Regularly review your installed extensions? Use a bare browser when doing sensitive things?– schroeder ♦Commented Dec 11, 2016 at 21:40
Add a comment
|
5 Answers
I don't know a secure way to protect keylogging inside the browser, for example grabbing a forum password.
I don't install any extension, furthermore I use Tor Browser Bundle with javascript disabled except a few trusted sites. This way I should be fairly protected from keylogging.
Assuming your browser is keylogging, you can run it for example in VirtualBox, as @jammy47 already mentioned. This should protect you from keylogging on Linux with X server.
A more lightweight solution on Linux to avoid keylogging due to X security leaks is to use x11docker. It allows you to run GUI applications in docker images while preserving container isolation.
A rule in security just says: if unwanted code runs in your machine it is no longer your machine. So to protect your browser from keyloggers, the path is simple and straight: never install or let install anything that you do not trust, never run non administrative tasks as root on Unix-like systems and never accept priviledge escalation on Windows ones unless you are absolutely sure of the what and the why. Ok, that can mean that you should not install the hyper-sexy screen saver that you saw on your friend's machine, not that firefox extension that you girl friend found so nice. That's the real price of security (and the only reliable path to it).
answered Jan 11, 2017 at 12:51
Here you have some simple steps:
- install AV and keep it updated
- be careful of what you are installing on your system
- keep away from social engineering tricks, like "check nude pics from your friend" - before that install this player, codec etc.
- separate/isolate your browser, use another browser for important things, like banking etc.
- enable 2FA protection for your accounts wherever is possible
- sometimes virtual keyboards can be also useful
By browser based keyloggers you probably mean formgrabbers(a form of malware that intercepts data between the browser and the server.). Even if you havent downloaded any kind of unwanted extensions, you can still be infected by malwares like carberp. You can try using a virtual machine/ sandbox software and refresh you browser to be on a safer side.
There is no way other than regularly checking which extension you have installed, from which source and check its permissions.
