ReiKey app for macOS can detect Mac Keyloggers using event taps

ReiKey is a free tool that allows to scan and detect keylogger that install persistent keyboard “event taps” to intercept your keystrokes.

Good news for macOS users, a new open source tool dubbed ReiKey allows them to detect Mac Keyloggers. The ReiKey app monitor systems for applications that analyzed keyboard ‘event taps‘ to monitor and filter input events from several points within the system intercept keystrokes.

Event taps are added by both malicious applications and legitimate software to manage inputs provided by the user.

ReiKey was developed by the popular macOs expert and former NSA white hat hacker Patrick Wardle. The application is able to detect malicious codes that uses the CoreGraphics framework to monitor event taps.

According to Wardle, most macOS keyloggers rely on ‘event taps’ implemented in the CoreGraphics framework to capture keystrokes, for this reason, the expert developed the tool to detect any new tap event that is added to the system.

Note that tool is effective only against keylogger that installs install CoreGraphics keyboard “event taps, but there are other way to implement keylogging features.

“The majority of macOS malware that contains keylogger logic (to capture keypresses) does so via CoreGraphics ‘event taps.'” states the post published by Wardle.

“ReiKey was designed to detect such keyboard taps, alerting you anytime a new tap is installed. In other words its goal is generically detect (the most common type of) macOS keyloggers.”

The tool scans for existing keyboard “event taps” and alerts whenever a new keyboard event tap is activated.

The scan provided the users the following information:

  • the process that installed the keyboard event tap
  • the target of the event tap (which is normally global, for all processes)
  • the type of keyboard event tap; either “passive listener” or “active filter”

The scan results will also include legitimate entries, so users need to carefully analyze them.

Wardle already released the ReiKey 1.1 version that allows to instructs ReiKey to flag as benign some specific applications, like Apple ones.

ReiKey doesn’t require special permissions to work.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase