Malware Security Evasion Techniques: An Original Keylogger Implementation

Álvaro Arribas Royo 1, Manuel Sánchez Rubio 1, Walter Fuertes 2(✉), Mauro Callejas Cuervo 3, Carlos Andrés Estrada 2, and Theofilos Toulkeridis 2

1 Faculty of Engineering, Universidad Internacional de la Rioja, Logroño, La Rioja, Spain
{alvaro.arribasroyo,manuel.sanchezrubio}@unir.net
2 Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Sangolquí, Ecuador
{wmfuertes,caestrada4,ttoulkeridis}@espe.edu.ec
3 Faculty of Engineering, Universidad Pedagógica Tecnológica de Colombia, Tunja, Boyacá, Colombia
mauro.callejas@uptc.edu.co

Abstract. The current study evaluates the malware life cycle and develops a keylogger that can avoid Windows 10 security systems. Therefore, we considered the requirements of the malware in order to create a keylogger. Afterward, we developed a customized and unpublished malware, to which we added as many features as necessary using the Python programming language. At the end of this process, the resulting executable program executes three main threads responsible for collecting the screenshots, collecting the keystrokes, and creating the backdoor in the infected system. Furthermore, we added the required methods to avoid the leading security tools used in Windows environments. Finally, we tested the resulting executable file on different websites as a proof of concept in a real scenario. As a result, the keylogger avoided the Windows 10 firewall, user account control, and the antivirus. Moreover, it gathered a significant amount of confidential information about user behavior, including even the credentials of the users, without them noticing.

Keywords: Keylogger · Malware · Evasion techniques

1 Introduction

In recent years, information and communication technologies have significantly impacted the economic, social, and political sectors.
Due to this high impact, the so-called cybercriminals have identified these sectors as the most prosperous in which to commit their cyber-crimes [23]. In this way, as malware has evolved over the years and become attractive for cybercriminals to obtain benefits from, the preventive measures implemented in the different operating systems have advanced as well, offering more protection against these threats to

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2021
Á. Rocha et al. (Eds.): WorldCIST 2021, AISC 1365, pp. 375–384, 2021.
https://doi.org/10.1007/978-3-030-72657-7_36