RogueKiller Anti-malware is already protecting against Ransomware and of course against classic malware execution. What if a malware is very new, totally unknown and tries to steal your most critical data, like credit card information or your bank account password ? We thought about it, and made the Roguekiller clipboard protection module.
What is Clipboard Protection, how does it work ?
If you use a password manager, or have cryptocurrencies, you probably use the clipboard. Clipboard is a memory storage where the information goes when you click on « Copy », or use the CTRL+C shortcut. Problem being this information is not encrypted, and can be accessed very easily by any program.
Why is it a problem ?
We have identified several typical scenarios used in the wild by real malware:
- You use a password manager, and search for your bank account login / password. You hit the « copy » button, a malware will be able to read it in clear text. It’s then a piece of cake to send it to the hacker.
- You want to purchase something online, and use copy and paste to put the credit card information at checkout page. A malware will be able to steal this even if you are on a secured website.
- You are a cryptocurrencies owner and user, and you use copy / paste on a Bitcoin or Ethereum address to send money to another wallet. A malware can replace this address on-the-fly to receive the money in their wallet.
How does the protection work ?
When a new process starts, if the program is untrusted or unknown, it will be injected with the RogueKiller Anti-malware monitor. This monitor will be able to detect if the clipboard contains sensitive data (and the type), and verify if the program is allowed to read (or write) this data from the clipboard.
If the program tries to perform action that is not allowed, the action is blocked and the process is reported by a notification.
How do I protect myself ?
The Clipboard protection is a new module in protection settings, responsible for protecting critical data from theft. If you activate Clipboard protection in protection settings, you are protected against data theft in the clipboard.
Whenever an untrusted program tries to read (or write) a sensitive information from the clipboard, the action is blocked and a notification will inform the user.
The Clipboard protection notifications can be reviewed in the history, in case you missed it. You can also, like any other protection event, add an exclusion if you believe the program is legit.
Clipboard protection is available in RogueKiller Premium starting with version 15.6.
