July 2, 2018

The mystery of the black square.

Hi folks!

Can you guess what this is?

No – it’s not Malevich’s Black Square. Nor is it a rhetorical clickbait question.

Actually, if you look closely – if your screen shows it big enough – you’ll see something that’ll give you a clue, but you still might not get it…

Ok; the answer is: it is (minus the watermark) what a screenshot taken by a suspicious application on a computer protected by, for example, KTS, looks like. But how? Why?…

Cyber-criminals, cyber-military, cyber-miscreants and other cyber-lowlifes… all of them are REALLY interested in getting access to user accounts. They each have their own reasons (money, espionage, Herostratic delusions of grandeur, spying on spouses/competitors/enemies, etc.), and there are different means applied, but the end they seek is always the same: they want to obtain access to the user accounts.

But, you may be wondering why malware wants to take screenshots – given the fact that sites and software products substitute dots for the letters, numerals and/or symbols used in a password.

Actually, those dots can be gotten around – very easily in plenty of ways…

First, often a user is given the option to see the entered password (‘show password’ or some such). Second, many services show the last few symbols of a password for better service usability. Third, some services only replace the password with dots when the user proceeds to the next entry field after pressing enter. Fourth, sometimes the font size of the password is tiny – ‘so someone close by won’t be able to read it’! Fifth, there are different lifehacks and tools (like pwdcrack) that allow baddies to turn off password-masking dots. In short, the likelihood that a password will not be shown on a screen is far from zero, and malware easily exploits that fact.

Incidentally, the threat posed by the possibility of someone looking over your shoulder, or of security cameras taking a peek at your password, is negligible when compared to the threat of it being read by malware via a screenshot.

Taking screenshots is one function of what is probably the most well-known banking Trojan, Zeus; also of its many clones – for example KINS, which conducts an attack that takes screenshots when the mouse is clicked (not just when keys are hit). That is, even if a virtual keyboard is used on a banking website for entering passwords or one-time codes, the malware can still work out the entered symbols.

But it’s not only passwords that are of interest to the bad guys.

How about bank card details entered when buying something online? What about the security questions you’re asked for authentication or to recover access to a locked account? Personal details? Contents of messaging? The list goes on and on. Indeed, it is the indispensable screen that’s the main gateway to our private information and secrets; as such, it’s the one place that most needs to be kept away from the prying eyes of bad guys via screenshots. There are ways to protect it, using functions like Safe Money and/or Virtual Keyboard, but they’re not used by everyone – even the more security-conscious. And anyway, though these functions help, they’re no guarantee of total protection. For the cyber-villains still have screenshotting in their arsenal. But we’re ready and waiting for them with a solution against just that…

Most of our products have a patented technology that guards the API functions that allow applications to take screenshots. Thus, if an application is trying to take a screenshot, this is what happens:

  • The product works out which applications have their own windows on the screen;
  • Based on data from different components and subsystems (for example System Watcher and Safe Money), the product determines if these windows contain confidential/personal data;
  • The product analyses the trust rating of the applications that get access to the screen;
  • The product takes a decision on whether to block screenshot-taking ability or not. Put another way: black square or no black square.

And last but not least: there’s a bonus!

This technology that protects against malicious screenshottting helps uncover previously unknown cyberattacks. Applications that suspiciously show an interest in other ‘windows’ without a real purpose have their rating lowered, and they edge closer to being proactively detected by machine learning via KSN or manually by an expert. That way, little by little, with a truly global effort plus highly-trained cyber-brains, we all together lower the overall danger level of the internet for the benefit of everyone. Hurray! Cheers to that.

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email
  • No, thanks

READ COMMENTS 1
Comments 1 Leave a note

    Jonathan

    I tried to take a screenshot (Win key+PrtScr) of an online banking session protected by KTS Safe Money and all it gave is a black screen and it works. I’ll keep using KTS for all of my family members PCs and me and my friend will consider Kaspersky Small Office Security for our small business.

    Of all the AV programs I’ve tried, Kaspersky figured out how to balance security, performance and low false positives.

    2
    Reply to conversation
Leave a note
Facebook

April 17, 2024

1500km on the R504: devilish cold; snow, ice and hoar.

There are many different kinds of roads and highways. There are straight and there are winding; there are smooth and there are bumpy; there are fast-moving and there are snail’s pace; there are ordinary and there are beautiful (rather: ordinary, pretty, beautiful, and mind-blowing). There are plenty of beautiful roads around the world – most […]

April 16, 2024

Water, outside, not frozen – below -40°C. How?!

Our friend, the Far North – even in winter (and up there, in northern Yakutia, even March is winter). The extended winter of the North is a kingdom of eternal snow and ice, extreme cold, and endless white expanses. All the same – and you won’t believe this – you can find H2O in liquid form […]

April 12, 2024

You’ve heard of a road trip. But what about an ice-road trip?!

You’ve had your intro posts already; now, if there are no questions from the audience, I’ll proceed to my next tale from the Far Northern side, which could have been titled “Yakutian ice roads heading north from Kolyma Highway“. But first, I think – an explainer… What is an ice road? And what’s a winter […]

April 9, 2024

My friend, the North. Yakutsk-Tiksi-Yakutsk 2024.

Hi folks! Last week I completed quite possibly my most mind-blowingly awesome trip up to the Far North – from Yakutsk in a northeasterly direction and then further north to Russia’s northern coast. You’ve had a few intro-posts on the expedition already; now for a (slightly) deeper dive… My regular readers will know well how […]

April 4, 2024

Yakutian winter roads, photoshoots on frozen rivers, and 4×4 and other good fun.

Hi folks! You’ve had your aperitifs, finger-nibbles, and soup (one, two, and April 1); now for… a salad starter!… How long have we been road-tripping on Yakutian highways and winter roads? Oh – three weeks already! Time to be heading back home I guess… As usual for my expeditions, I’ve taken a ton of photos […]

April 2, 2024

Far-North Road-Trip 2024: onward – northward!

The internet connection here is really unstable – coming and going all day long. Just now it’s available though, so here’s my next mini-tranche of Siberian on-the-road/wilderness pics: These photos are of a winter road upon a frozen river. As you can see – sunny and cloudless: a beautiful day indeed. The internet’s disappeared again […]

More

Travel Vlog

You might also like…