Screen Scraper
What is Screen Scraper?
Screen ScraperMalware or surveillance code that captures images of a victim's screen or extracts text from it to harvest data displayed on-screen.
A malicious screen scraper periodically takes screenshots, records video, or uses OCR/UI-automation APIs to read what is shown to the user — credentials, bank balances, chat messages, MFA codes, virtual keyboard inputs. It is especially effective against on-screen keyboards, account dashboards and rendered tokens that traditional keyloggers miss. Screen scrapers commonly appear inside banking trojans, RATs and commercial stalkerware. Defences include EDR detection of suspicious capture APIs, restricting unauthorized accessibility/automation permissions, MFA based on hardware keys, sensitive UI masking, and monitoring outbound traffic for unusual image uploads.
● Examples
- 01
Banking trojans that screenshot the desktop when an online-banking site is open.
- 02
Stalkerware on Android using accessibility services to read chat windows.
● Frequently asked questions
What is Screen Scraper?
Malware or surveillance code that captures images of a victim's screen or extracts text from it to harvest data displayed on-screen. It belongs to the Malware category of cybersecurity.
What does Screen Scraper mean?
Malware or surveillance code that captures images of a victim's screen or extracts text from it to harvest data displayed on-screen.
How do you defend against Screen Scraper?
Defences for Screen Scraper typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Screen Scraper?
Common alternative names include: Screen capture malware, Screen grabber.