by flipp3r 2802 days ago
TLDR from the document: "The keylogger generates a small transparent window which is always under the mouse pointer requesting focus. Hence, local listeners are capable of capturing the entire user input (keystrokes and mouse clicks). In the following, this keylogger window closes while the captured user input is imitated."

At first sight, this looks quite silly...

2 comments

It has a lot of drawbacks that make it easily noticeable that something is not right (browser autocompletion not working, for example). Though it's an interesting concept.
I don't see why it would interfere with autocompletion - the keystrokes are passed onto the browser, after all.

Interfering with focus might be more noticeable, although Windows 10 has made this much less obvious than it used to be.

It does rather drive home the extent to which the "desktop" model is at odds with the user being able to run multiple mutually hostile applications from different sources. And sometimes the ability to read and inject keyboard input is legitimate.

There is at least one password manager autocomplete system that works by examining the title of the current active window, so if that's not the browser, it will fail.
But presumably the transparent keylogger window must know which is the supposedly-active window (in order to be able to pass on keystrokes to it), so the transparent window could emulate the supposedly-active window's title?
> Interfering with focus might be more noticeable, although Windows 10 has made this much less obvious than it used to be.

Interfering with focus is what breaks autocompletion. (This drawback is explained in the paper itself.)

Personally, based on my experiences thus far I'd put it down to a web page that's interfering with autocomplete or blocking default actions (like pasting) in the name of "security".

IOW, web designers have already set the precedent for broken autocomplete, no keylogger required.

Given the sheer number of ads, video overlays and extensions that most users have to contend with - even on mainstream sites (I'm looking at you cnn.com) - I'd bet that a large percentage of users would just think that their browser was acting strange and proceed as normal.
But it only doesn't work once. After which it closes, you put your password in and you just think it was a one-off glitch or you did something wrong. Browser autocomplete often doesn't work or gets cleared so I don't think many would find it suspect.
If an application has access to send keystrokes to another application, isn't it necessarily true that it could just install a keyboard hook in that application (on Windows at least)?
Perhaps, but that's more likely to trip behavioral detection. The technique proposed in the OP is interesting because it may not be detected as a keylogger.