ReiKey Tool Protects Against macOS Keyloggers
NEWS

ReiKey Tool Protects Against macOS Keyloggers

It’s no news that macOS users also need protection against malicious code. The good news is that macOS users now have a new tool designed to help them identify generic keyloggers that may be plaguing their systems. The tool is called ReiKey, and has been developed by the acclaimed security researcher Patrick Wardle.




ReiKey Technical Overview: What Does the Tool Do for macOS Users?

So, what does ReiKey do? The tool scans and monitors for software that installs the so-called keyboard event taps to intercept keystrokes. Malware and other applications may install persistent keyboard “event taps” to intercept the user’s keystrokes. This is where ReiKey comes in, as it can scan, detect, and monitor for such event taps.

Related:
This article features a selection of the most devstructive macOS malware pieces detected in the wild in recent years, such as backdoors and ransomware.
Top 5 Most Destructive macOS Malware Pieces

In general, macOS keyloggers rely on CoreGraphics even taps to capture keystrokes. What ReiKey does is detecting and alerting the user whenever a new tap is added to the system, Wardle explains. It should also be noted that legitimate apps, benign programs and system components may install event taps on the system, such as Siri. However, this is normal behavior.

The most recent version of the tool, v1.1, is already capable of muting alerts about benign programs from Apple. The feature is enabled by default, and this has led to a lower rate of false positives.

ReiKey Detects Only KeyLoggers Utilizing CoreGraphics Event Taps

ReiKey has an “always-on protection” against keyloggers but also offers an on-demans scan. Both are possible due to the OS-level notification system known as com.apple.coregraphics.eventTapAdded. This system is responsible for the delivery of messages in case a new event tab is added.

ReiKey only works against keyloggers that install the CoreGraphics event taps, meaning that only malware utilizing those will be detected. This may be the most common method used by macOS keyloggers but there are other techniques as well.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...