Screenlogging malware can log swipe gestures on your mobile

Security researcher Neal Hindocha has developed a Screenlogging malware that logs finger swipes on smart devices in combination with taking screenshots.

Pattern lock are not enough to protect our Smartphone because hackers are able to log swipe gestures with a malware. The news was reported by Forbes, Neal Hindocha, a senior security consultant for Trustwave, has designed a Screenlogging malware that can monitor finger swipes on smart devices in combination with taking screenshots, painting a picture of exactly how the user is interacting with their phone or tablet.

Hindocha is planning to demonstrate his Screenlogging malware at the upcoming RSA Security.

The security expert has developed a prototype malware that reproduces a behavior similar to classic keylogger software, Screenlogging malware

, this is the name assigned to the application, in fact

records the input typed into the keyboard and it is able to intercept users’ passwords for email, social media and any other service.

Recording touch screen coordinates “has a certain value in itself,” “If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered.” “The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.” Hindocha says.

The Screenlogging malware monitors the inputs taped and swiped on the screen recording the X and Y coordinates where the user has touched the screen, the data are then used to so a hacker would know what the user is doing and on which application.

There are a series of limitations for the current version of Screenlogging malware, it needs the administrative privileges of host device for the execution, this means that he works on rooted Android devices and jailbroken iOS, and to install the malicious code the victim’s device should be connected to a computer via USB cable.

Both limitations could be bypassed in future version, that’s why security experts consider the POC for Screenlogging malware really interesting.

Try to image the application in the wrong hands!

Pierluigi Paganini

(Security Affairs – Screenlogging malware, mobile)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.