Tuesday, April 16, 2024

Some Top 100,000 Websites Placing Keylogger to Collect Everything You Type

The majority of top-ranked websites (100,000 websites) include malicious keyloggers that are designed to capture every single character that you type or enter in forms before submitting like:-

  • Signing up for a Newsletter
  • Making a hotel reservation
  • Checking out online

The top 100,000 websites were crawled and analyzed by researchers at the following universities:-

  • The University of Lausanne
  • The KU Leuven
  • The Radboud University

The aim of this study is to look at how users might interact with a site while inside the European Union and while inside the USA.

In-depth Analysis

The researchers determined that there were 1,844 websites that recorded the email of EU users without their permission and that 2,950 of these gathered a US user’s email address without their consent.

During a specific crawl of password leak websites in May 2021, the researchers found 52 instances of third-parties collecting password data before submission, including Yandex from Russia.

In the meantime, the 52 cases reported by the group were all resolved after they were disclosed to those organizations. A keystroke feature in some websites is used to log the data from keystrokes as they are keyed in. 

The trouble with this is that there are plenty of websites that get the complete submission from one field when the user clicks on the next.

Here’s what a privacy and identity researcher at KU Leuven and one of the study co-authors, Asuman Senol stated:-

“In some cases, when you click the next field, they collect the previous one, like you click the password field and they collect the email, or you just click anywhere and they collect all the information immediately. We didn’t expect to find thousands of websites; and in the US, the numbers are really high, which is interesting.”

Because of the General Data Protection Regulation of the EU, it has been suggested regional differences are caused by European companies being more cautious about tracking users, and even possible integration with fewer third parties.

During the meeting, the group discovered that Meta Pixel and TikTok Pixel are invisible marketing tracking tools that web-based services incorporate into their websites in order to track consumers across the web and target them with advertisements.

While it has been confirmed that 8,438 sites may have been sending information to Meta (Facebook’s parent company) through “pixels” of the US users. Apart from the US, in total, there are 7,379 sites that are likely to be affected by users in Europe.


You may not be able to fully protect yourself from all collection attempts by simply removing your data from a form before submitting it. That’s why a new addon for Mozilla Firefox has been developed by the experts which is dubbed, “LeakInspector.”

LeakInspector highlights input fields that contain personal data when tracker scripts read (“sniff”) these fields and block leaky requests.

Technology firms are looking at restricting the use of cookie-based tracking as a means of protecting privacy. There will be a growing reliance on static IDs, such as phone numbers and email addresses by marketers and analysts.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent...

Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks

A new remote code execution vulnerability has been identified to be affecting multiple Microsoft...

LightSpy Hackers Indian Apple Device Users to Steal Sensitive Data

The revival of the LightSpy malware campaign has been observed, focusing on Indian Apple...

LightSpy Malware Attacking Android and iOS Users

A new malware known as LightSpy has been targeting Android and iOS users.This sophisticated...

This Startup Aims To Simplify End-to-End Cybersecurity, So Anyone Can Do It

The Web3 movement is going from strength to strength with every day that passes....

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles