Screen Capturing

Screen capturing is a very simple technique of taking a screen shot of the screen. The operating system includes an API that allows any software on the desktop to take screen shots of the desktop. Malware uses this API to capture the screens while the user is logged into a website. Using this technique the malware can gather information about the user and the account. One of the more interesting use cases of screen capturing is to defeat keypads and pinpads. Many banks have adopted keypads and pinpads to prevent keyloggers from recording keystrokes while the user types in a password. Using the keypad the user clicks with the mouse on a virtual keyboard instead of the real keyboard. Keystrokes are not generated and the keylogger becomes useless. To defeat that fraudsters have generated a screen capturing keylogger. This malware takes a screen shot whenever the user clicks the mouse during the login process. The screen shots are then sent to the attacker who can learn the password by observing the location of the mouse during the click.

Sample Attacks:

Rapport defeats screen capturing using its API blocking layer. When the user accesses a sensitive page Rapport prevents the use of screen capturing API calls. Malware cannot capture the screen when it contains sensitive information.