1

I have an Ubuntu home PC. I often use this system to enter passwords to various websites. Some sites also offer a graphical on-screen keyboard to protect from keyloggers. However, I suspect that even the on-screen keyboard is not safe from malicious software which records the computer screen. I want my passwords to be safe from such programs. Of course, I do ensure that I don't install insecure programs, but I would like to have an additional layer of security.

user15740

2 Answers

1

If the device is compromised to the level where the attacker can record your screen, the attacker can replace whatever they want on your screen as well. You simply cannot trust that device at all at that point. Almost all scenarios assume that the end user device is somewhat trustworthy.

However, two-factor authentication may assist a bit. It may stop an attacker from authenticating using your password - but if they have screen recording access, they can probably just steal your session cookies anyway.

vidarlo
0

The main issue with malware and keyloggers is that they are getting more sophisticated every day. As a result, there is no single method to detect every possible piece of malware, because the intentions and methods behind it may differ entirely from one piece of malware to another.
On Linux systems, you can use `ps aux` to check all the running processes. Some of the popular keyloggers have names like lkl, uberkey, THC-vlogger, PyKeylogger, logkeys. At my college, I had developed a keylogger which would capture every keystroke and installed it on a Linux system for testing. The method which I used to kill the keylogger process was to get the PIDs and then use the `kill` command.
To get the PID, simply use

```
ps aux | grep keylogger
```

This will return the process details, which include the PID.
Once you know the PID, use

```
kill <PID>
```

It is important to note that this method may not always work and may not always eliminate every piece of malware from your system. You yourself need to control your urge to download untrusted applications and code. Keep monitoring the running processes and investigate suspicious processes. Meanwhile, don't become paranoid, as it is quite possible to lose your peace of mind in the process.
Refer to this answer, which discusses this in a more detailed manner.

  • Why would a covert keylogger executable be named keylogger? It's ***trivial*** to change the name of a binary (lit. `mv keylogger systemd` will do). Also, an attacker would probably include ways to catch and ignore a kill, and handle sigkill with a restart. Your approach in this answer seems overly naive. – vidarlo Apr 12 '20 at 09:02
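
As an added example (not part of either post), here is a check that does not depend on the process name, following the point made in the comment above: instead of grepping `ps aux` for a known name, it lists every process that has a `/dev/input/event*` device open and reports the path of its executable. The function names and the `EXPECTED_EXES` allow-list are assumptions for illustration. The check needs root to see other users' processes, and it does not cover loggers that capture input through the X11 protocol rather than the kernel input devices.

```sh
#!/bin/sh
# Assumed allow-list of executables that normally read input devices on a
# desktop system; adjust it to the machine being checked.
EXPECTED_EXES="/usr/lib/xorg/Xorg /usr/lib/systemd/systemd-logind /usr/bin/gnome-shell"
TAB="$(printf '\t')"

# input_readers [PROC_ROOT]
# Prints "<pid> TAB <comm> TAB <exe> TAB <device>" for every open descriptor
# that points at a kernel input device, whatever the process calls itself.
input_readers() (
    proc_root="${1:-/proc}"
    for pid_dir in "$proc_root"/[0-9]*; do
        [ -d "$pid_dir/fd" ] || continue
        for fd in "$pid_dir"/fd/*; do
            # Each fd entry is a symlink to the file the process has open.
            target="$(readlink "$fd" 2>/dev/null)" || continue
            case "$target" in
                /dev/input/event*) ;;
                *) continue ;;
            esac
            # comm is the name shown by ps and is easy to disguise;
            # exe is the path of the binary that is actually running.
            comm="$(cat "$pid_dir/comm" 2>/dev/null)" || comm='?'
            exe="$(readlink "$pid_dir/exe" 2>/dev/null)" || exe='?'
            printf '%s\t%s\t%s\t%s\n' "${pid_dir##*/}" "$comm" "$exe" "$target"
        done
    done
)

# unexpected_input_readers [PROC_ROOT]
# Same output, restricted to executables that are not on the allow-list.
unexpected_input_readers() (
    input_readers "${1:-/proc}" | while IFS="$TAB" read -r pid comm exe dev; do
        case " $EXPECTED_EXES " in
            *" $exe "*) ;;
            *) printf '%s\t%s\t%s\t%s\n' "$pid" "$comm" "$exe" "$dev" ;;
        esac
    done
)

# Usage (as root, after sourcing this file): unexpected_input_readers
```

A process that shows up here under a familiar name but with an executable path outside the system directories is the kind of entry worth investigating further.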