Phishing page embeds keylogger to steal passwords as you type
A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. [...]
Keyloggers record keystrokes to steal passwords, messages, and other sensitive data, making them a serious risk to account security and privacy.
Search across headline titles and summaries.
Background for this topic.
Keylogger is software, firmware, or a physical device that records keyboard input, often covertly, and stores or transmits it to another party. In security reporting, the term usually means an unauthorized surveillance or credential-theft tool, although legitimate monitoring tools can use similar techniques with authorization. Captured text may include passwords, recovery codes, messages, and sensitive business data.
Keyloggers matter because they target the endpoint and input process: malware may be installed through phishing or malicious software, while hardware versions require physical access. They may expose passwords or one-time codes entered on an infected device. Defenses include endpoint monitoring, application control, least privilege, timely patching, and inspection of unfamiliar USB or keyboard hardware. If suspected, isolate the device, preserve evidence, reset credentials from a clean device, revoke sessions or tokens, and assess what information was entered.
A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. [...]
Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla