I'm personally using OCBC, who of cos recommends users to use the on-screen keyboards as they are supposedly more secure...

 

so quite interesting to see this article...

 

you have been warned.

 

 

Cory Doctorow: A new trojan that records screen-movies has been discovered in the wild; the malware specifically captures your mouse as you laboriously enter your password into banking sites that use on-screen keyboards to defeat keyloggers.

I've written about on-screen keyboards before -- I think that these things are bad news. They make banking sites un-accessible to people who are blind or have some physical disabilities, and while they defend against keyloggers, they also force you to have short, weak passwords. What's more, it's apparent that keyloggers can handily adapt to these screen-boards.

Today we will analyze a new banking trojan that is a qualitative step forward in the dangerousness of these specimens and a new turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its capacity to generate a video clip that stores all the activity onscreen while the user is authenticating to access his electronic bank.

The video clip covers only a small portion of the screen, using as reference the cursor, but it is large enough so that the attacker can watch the legitimate user's movements and typing when using the virtual keyboard, so that he gets the username and password without going into further trouble.

Link (Thanks, Peter!)