Mac – Keyloggers and Virtualization

keyloggervirtual machinevirtualization

Whilst pondering about security, and setting up different VM for certain online activities deemed more risky or requiring extra security (banking, or visiting untrusted websites, etc), I came to think about how such a setup (different VMs for different uses) would defend me against a keylogger.

So, two questions then:

1: If a keylogger has been installed inside a VM, can it capture data outside its own VM?

2: The opposite, does a keylogger in a host capture strokes typed within a VM residing in that host?

My bet would be No and Yes respectively, but I really have no idea. Anyone else does?

Best Answer

    1. No

    2. Yes

    A keylogger runs as software or driver within the machine, it will be limited to the virtual machine it is on.

    If the keylogger is installed on a host, it will capture all data on the host. It is possible that some virtualisation software has its own hook that overwrites the keylogger, but I doubt it.