Keyloggers explained: How attackers record computer inputs (2023)


While sometimes keyloggers can be used legally, generally they're used to snoop on you for illicit purposes.

By Josh Fruhlinger

Contributing writer, CSO


What is a keylogger?

A keylogger is a tool that can record and report on a computer user's activity as they interact with a computer. The name is a short version of keystroke logger, and one of the main ways keyloggers keep track of you is by recording what you type as you type it. But as you'll see, there are different kinds of keyloggers, and some record a broader range of inputs.

Someone watching everything you do may sound creepy, and keyloggers are often installed by malicious hackers for nefarious purposes. But there are legitimate, or at least legal, uses for keyloggers as well, as parents can use them to keep track of kids online and employers can similarly monitor their workers.

What does a keylogger do?

The basic functionality of a keylogger is that it records what you type and, in one way or another, reports that information back to whoever installed it on your computer. (We'll go into the details in a moment.) Since many of your interactions with your computer—and with the people you communicate with via your computer—are mediated through your keyboard, the range of potential information the snooper can acquire by this method is truly vast, from passwords and banking information to private correspondence.

Some keyloggers go beyond just logging keystrokes and recording text and snoop in a number of other ways as well. It's possible for advanced keyloggers to:

  • Log clipboard text, recording information that you cut and paste from other documents
  • Track activity like opening folders, documents, and applications
  • Take and record randomly timed screenshots
  • Request the text value of certain on-screen controls, which can be useful for grabbing passwords

What types of keyloggers are there and how do they work?

The term "keylogger" covers a wide variety of tools, some of which produce the same results in wildly different ways. We'll drill down into the different types and talk a little bit about how they work.

The first general category is keylogger software. These are programs that live on your device and record your keystrokes and other activity.

Perhaps the most common type of keylogger software is the user-mode keylogger, sometimes called an API-level keylogger. These programs don't have administrative privileges, but still manage to intercept information transmitted by the application programming interfaces (APIs) that allow different applications to receive keyboard input. On Microsoft Windows, such keyloggers track the GetAsyncKeyState or GetKeyState API functions and use a DLL to record the harvested data.


Kernel-level keyloggers are more difficult to create and install, but once they're in place, they get their hooks into the operating system itself and are more difficult to detect and eradicate as a result. At the other end of the spectrum, there are screen scrapers, which don't log keystrokes but rather use the computer's screenshot capabilities to record onscreen text, and browser-level keyloggers, which can only detect text entered into a browser form (but considering how much of our online life takes place within a web browser, that's still pretty dangerous).

In addition to keylogging software, there's also keylogging hardware. This includes recording devices that can be installed in the keyboard wiring itself, as well as keylogging devices built to look like a USB thumb drive and slipped into a port on a laptop or other computer. There are also gadgets that can record the Bluetooth communication between a wireless keyboard and a computer.

One particularly esoteric version of keylogger, which has been tested in the lab, is an acoustic keylogger that can determine with uncanny accuracy what you're typing just based on the noise your fingers make on the keys. Considerably simpler is the idea of third-party recording, which essentially consists of a camera surreptitiously pointed at your screen and keyboard.

All of these different kinds of keyloggers have to save that data somewhere; with hard drives much larger than they once were, it generally isn't hard to find a place to stash it. Keylogging software will occasionally send the information it's harvested over the internet back to whoever's controlling it, sometimes disguising the data to keep its activities hidden. Hardware keyloggers may be able to do this too, although sometimes their controllers must come physically collect them.

Before we move on, we should discuss one other kind of distinction we can make among different kinds of keyloggers. This one isn't about how they work on a technical basis; instead, it's about their legality. Any of the above types of keyloggers could be installed by a malicious attacker who's looking to steal your personal information or passwords.

However, when the owner of a device installs a keylogger on their own system, things get murkier. Many commercial keyloggers are marketed to parents who wish to monitor their children's online activities, and this is generally considered legal if the parents own the computers being monitored. Keyloggers are often found on computers in school or work settings as well, and in most jurisdictions in the United States they are considered legal if used for legal purposes. In other words, your boss can use data gathered from a keylogger installed on your work laptop as evidence to fire you if they discover you're engaging in some unsanctioned activity. But it would still be illegal for them to, say, harvest your banking passwords if you happen to log in to your financial institution at work.

How does a keylogger get on your system?

A physical keylogger has to be physically plugged into a computer, and so requires direct access, which is a tricky business often executed via social engineering techniques or a compromised insider.

But the most common type of illicit keylogger is the software variety, and that can best be described as keylogger malware. In fact, keyloggers, because they can harvest such lucrative data, are one of the most common malware payloads delivered by worms, viruses, and Trojans.

Thus, the way a keylogger gets onto your system is the same way any other type of malware gets onto your system, and that means that if you exercise good cybersecurity hygiene, you should be able to keep keylogger software at bay. To do that, you should:

  • Watch out for phishing emails, and don't open or download attachments if you're not absolutely certain where they came from.
  • Similarly, don't download or install applications unless they come from a trusted source. That includes browser navbars, which are a common malware vector.
  • Keep your computer safe with updated antivirus software.

How to detect a keylogger

How can you know if there's a keylogger on your system? For a hardware keylogger, of course, you should check for the hardware. If there's a thumb drive or something that looks unfamiliar plugged into your computer, investigate it. If you work on a corporate desktop, check the back panel once in a while to see if something new and strange has popped up.


With software keyloggers, there are some signs that you might be able to pick up on yourself. Keyloggers can sometimes degrade web performance, spawn unusual error messages, and interfere with loading web pages. These are all features of malware generally; sometimes you can just tell that something is "off" with your computer. Keylogger-specific signs could include lags in your mouse movement or keystrokes, where what you type doesn't appear on screen as quickly as it should. On a smartphone, you might notice that screenshots are degraded. (Yes, keyloggers can be installed on smartphones, just like any other kind of malware.)

However, if a keylogger is causing those sorts of visible problems on your computer, it probably isn't a very good one. That's not to say you won't ever be infected by a keylogger that causes those symptoms—there are plenty of cybercriminals willing to unleash quick-and-dirty "good enough" malware on their victims. But don't get a false sense of security just because your computer is working smoothly: a commercial keylogger or one implemented by a skilled criminal or nation-state hackers can do its business in the background without you ever knowing. That's why a good endpoint security solution is key: these platforms hunt for keylogger code on your machine, and are continuously updated with the latest malware signatures to help them spot new variants.

Network security systems also have a role to play in detecting keyloggers. Remember, that data has to get back to the keylogger's controller somehow, and generally it's sent out over the internet. While many keyloggers go to great lengths to disguise their data as ordinary internet traffic, good network security tools can sniff it out.
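As an added illustration of the network-side check described above (not code from the original article), the following sketch scans endpoint connection records for two signs of harvested data leaving a machine: a mail port used by a program that is not a mail client, and small uploads repeating at a near-constant interval. The log format, host and process names, allow-list and thresholds are all assumptions made for this example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: "ISO time,host,process,dest_ip,dest_port,bytes_out".
# The format and every value below are invented for this example.
SAMPLE_LOG = """\
2023-05-01T09:00:02,ws-017,outlook.exe,203.0.113.10,587,48211
2023-05-01T09:03:40,ws-017,chrome.exe,198.51.100.7,443,1820
2023-05-01T09:10:00,ws-017,svchelper.exe,192.0.2.44,587,2100
2023-05-01T09:20:01,ws-017,svchelper.exe,192.0.2.44,587,1985
2023-05-01T09:29:59,ws-017,svchelper.exe,192.0.2.44,587,2240
2023-05-01T09:40:00,ws-017,svchelper.exe,192.0.2.44,587,2032
2023-05-01T09:41:15,ws-017,chrome.exe,198.51.100.7,443,90412
2023-05-01T10:55:30,ws-017,chrome.exe,198.51.100.7,443,640
"""

MAIL_PORTS = {25, 465, 587}                        # SMTP and mail submission
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list; tune per site


def parse(log_text):
    """Yield (time, host, process, dest_ip, dest_port, bytes_out) per record."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, ip, port, size = line.split(",")
        yield datetime.fromisoformat(ts), host, proc.lower(), ip, int(port), int(size)


def find_suspects(log_text, min_events=4, max_jitter=0.1):
    """Return {(host, process, dest_ip, dest_port): [reasons]} for flows to review."""
    flows = defaultdict(list)
    for ts, host, proc, ip, port, size in parse(log_text):
        flows[(host, proc, ip, port)].append((ts, size))

    suspects = {}
    for key, events in flows.items():
        _, proc, _, port = key
        reasons = []
        # Signal 1: only mail clients should talk to mail ports directly.
        if port in MAIL_PORTS and proc not in MAIL_CLIENTS:
            reasons.append("mail port used by non-mail process")
        # Signal 2: near-constant gaps between uploads suggest a timer, not a person.
        if len(events) >= min_events:
            events.sort()
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
            mean = statistics.mean(gaps)
            if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
                reasons.append(f"periodic uploads about every {round(mean)}s")
        if reasons:
            suspects[key] = reasons
    return suspects


if __name__ == "__main__":
    for flow, why in find_suspects(SAMPLE_LOG).items():
        print(flow, "->", "; ".join(why))
```

Either signal alone also matches legitimate software such as backup agents and update checkers, so a hit is a reason to inspect the process, not a verdict.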

Still, you should always be prepared for the possibility that a keylogger is lurking somewhere on your system. One good defensive mechanism against potential snooping is to use a password manager, which fills passwords into browser windows securely in ways most keyloggers can't detect.

How to remove a keylogger

The bad news is that you're probably not going to be able to remove a keylogger on your own. You might find some websites that recommend hunting through your operating system's task manager or list of installed programs and deleting anything that looks unfamiliar or suspicious; while that's not a terrible idea, a keylogger of any degree of sophistication will not be visible in those contexts.

The good news is that endpoint security suites almost all delete malware in addition to detecting it. If you search through reviews and ratings of anti-keylogger software, like the ones from AntiVirus Guide or Best Antivirus Pro, what you find are lists of the heavy hitter antivirus and endpoint protection vendors, like McAfee, Kaspersky, Norton, Bitdefender, and so on. If you find an endpoint protection suite you like, it will almost certainly do the job when it comes to cleaning your computer of keylogger software.

History of keyloggers: Examples and famous attacks

The earliest known keylogger actually predates the computer age. In the 1970s, Soviet intelligence developed a device that could be hidden in an IBM electric typewriter and send information about keystrokes via radio bursts; these were deployed in the typewriters at U.S. diplomatic facilities in Moscow and Leningrad.

The first computer keylogger was developed by then-graduate student Perry Kivolowitz in 1983 as a proof of concept. One particularly noteworthy example of a keylogger "in the wild" was distributed with a Grand Theft Auto V mod in 2015. In 2017 hundreds of models of Hewlett Packard laptops were found to have shipped from the factory with a keylogger installed, though HP insisted that this was a tool meant to diagnose keyboard performance that should've been deleted before shipment rather than an attack.

Two of the most widespread keylogger malware programs in recent months are the Snake keylogger and Phoenix, an older program recently resurrected with new capabilities. Both programs are evidence that cybercriminals are innovating in this area—so stay on your guard.


Josh Fruhlinger is a writer and editor who lives in Los Angeles.


Copyright © 2022 IDG Communications, Inc.


FAQs

What does a keylogger record? ›

A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer. Keylogger software is also available for use on smartphones, such as the Apple iPhone and Android devices.

What is a keylogger and how does it work? ›

Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (keys pressed) of a keyboard. Keyloggers are a form of spyware where users are unaware their actions are being tracked.

How does a keylogger monitor your computer? ›

Keyloggers are activity-monitoring software programs that give hackers access to your personal data. They capture the passwords and credit card numbers you type and the webpages you visit, all by logging your keystrokes. The software is installed on your computer, and records everything you type.

How does a keylogger work, and in what ways can you get a keylogger? ›

A keylogger can be installed when a user opens a file attached to an email; a keylogger can be installed when a file is launched from an open-access directory on a P2P network; a keylogger can be installed via a web page script which exploits a browser vulnerability.

What is keylogger in simple words? ›

Definition of keylogger: a piece of software that records the signals sent from a keyboard to a computer, usually for the purpose of gaining information about the user without the user's knowledge.

Example: "Malware works most commonly by installing a keylogger or some other form of spyware that watches what you type or see."

How does a keylogger send data? ›

A keylogger sends its report to a predefined e-mail address. It is super simple: just type in the address in an appropriate place. A hardware keylogger also stores files with computer logs. If you have access to the monitored computer, all you need to do is press the appropriate key combination to see the whole log.

What is keylogger explain its types with example? ›

Keyloggers are used to gain fraudulent access to confidential information such as personal details, credit card data, access credentials, etc. There are two types of keyloggers, based on the method used to log keystrokes: software keyloggers and hardware keyloggers.

How does a keylogger infect a device? ›

The malware program may get installed when accessing email from an unknown source or an attachment in the email. A keylogger may also enter the device when surfing the Internet or clicking random pop-ups. The system may also get infected with the keylogger program when installing applications from uncertified sources.

Why do hackers use keyloggers? ›

They allow cybercriminals to read anything a victim is typing into their keyboard, including private data like passwords, account numbers, and credit card numbers. Some forms of keyloggers can do more than steal keyboard strokes.

How does a hacker perform keylogging functions without the user noticing? ›

Spyware is a type of malware that records your activities. A keylogger records every keystroke you make on your computer's keyboard. With this information, a hacker can work out your username and password for a range of sites without even seeing what comes up on the screen.

How do hackers install a keylogger? ›

Keyloggers can be installed through a webpage script. This is done by exploiting a vulnerable browser, and the keystroke logging is launched when the user visits the malicious website. A keylogger can exploit an infected system and is sometimes capable of downloading and installing other malware on the system.

How do cyber criminals use keyloggers? ›

Cybercriminals use keyloggers to steal credentials, bank login information, social media login information and personal information. From there, they can steal identities, money, or smear a person's online reputation.

Can keylogger record keystrokes? ›

Short for “keystroke logging,” a keylogger is a type of malicious software that records every keystroke you make on your computer. Keyloggers are a type of spyware — malware designed to spy on victims. Because they can capture everything you type, keyloggers are one of the most invasive forms of malware.

Are keyloggers easy to detect? ›

The truth is, keyloggers are not easy to detect without the help of security software. Running a virus scan is necessary to detect them. Trend Micro HouseCall is an online security scanner that detects and removes viruses, worms, spyware, and other malicious threats such as keyloggers for free.

Can a keylogger track copy and paste? ›

A keylogger can only capture the keys you press on the keyboard. So if you copy and paste your username and password, it won't be able to log the characters anymore. Some users save the details on a notepad then copy and paste them later. However, some keyloggers are able to capture screenshots.

Which of the following is true of a keylogger? ›

A keylogger can exploit an infected system and is sometimes capable of downloading and installing other malware on the system.

What type of attacks can be done using keyloggers? ›

Keylogger attacks are one of the oldest forms of cyber threats. A keylogger reads and logs keystrokes and can recognize patterns to make finding passwords easier. Keyloggers are spread through malware, USB sticks, and software and hardware bugs.

What other type of data can keyloggers track? ›

What does a keylogger do?
  • Log clipboard text, recording information that you cut and paste from other documents.
  • Track activity like opening folders, documents, and applications.
  • Take and record randomly timed screenshots.
  • Request the text value of certain on-screen controls, which can be useful for grabbing passwords.

Which keylogger is the best? ›

For instance, parents can use keyloggers to track down their child's Internet activity.
...
List of Top Keyloggers for Android
  • mSpy.
  • eyeZy.
  • SpyBubble.
  • uMobix.
  • XNSPY.
  • Cocospy.
  • Hoverwatch.
  • FlexiSPY.

Why do people use keyloggers? ›

Keyloggers are built for the act of keystroke logging — creating records of everything you type on a computer or mobile keyboard. These are used to quietly monitor your computer activity while you use your devices as normal.

Is keylogger a security risk? ›

The main danger of keyloggers is that hackers can use them to decipher passwords and other information entered using the keyboard. This means that cybercriminals can figure out your PINs, account numbers, and login information for financial, gaming, and online shopping accounts.

How many types of keyloggers are there? ›

The two major types of keyloggers are the hardware keylogger and the software keylogger. As the name suggests the hardware keyloggers are devices attached to the keyboard and the software. It can be a small USB-like device attached to the keyboard which collects the keystrokes.

What techniques do hackers use to steal information? ›

8 Common Hacking Techniques That Every Business Owner Should Know About
  • Phishing. Phishing is the most common hacking technique. ...
  • Bait and Switch Attack.
  • Key Logger.
  • Denial of Service (DoS/DDoS) Attacks.
  • ClickJacking Attacks.
  • Fake W.A.P.
  • Cookie Theft. The cookies in your web browsers (Chrome, Safari, etc.) ...
  • Viruses and Trojans.

How do hackers identify targets? ›

Using search queries through such resources as Google and job sites, the hacker creates an initial map of the target's vulnerabilities. For example, job sites can offer a wealth of information such as hardware and software platform usage, including specific versions and its use within the enterprise.

How do hackers get traced? ›

Most hackers will understand that they can be tracked down by authorities identifying their IP address, so advanced hackers will attempt to make it as difficult as possible for you to find out their identity.

How are keyloggers activated on devices? ›

Keyloggers can be installed through random infections or through direct access to your device. If you don't keep your security software, operating system and utilities up-to-date, random exploits from a wide variety of sources on the internet can allow a keylogger to be installed.

Can you hide keylogger? ›

Keylogger Free can run completely invisibly without alerting a user that their computer is being monitored. If you need to discreetly monitor computer activities, you can run the program in hidden mode, in which no trace of the software appears on the Desktop, in the System Tray, or in the Task Manager.

What is the goal of criminals who use keyloggers? ›

When used for criminal purposes, keyloggers serve as malicious spyware meant to capture your sensitive information. Keyloggers record data like passwords or financial information, which is then sent to third parties for criminal exploitation.

Can keyloggers see your screen? ›

A keylogger records every keystroke you make on your computer's keyboard. With this information, a hacker can work out your username and password for a range of sites without even seeing what comes up on the screen.

Can a keylogger see what you copy and paste? ›

A regular hardware keylogger intercepts and records the communication between a keyboard and a computer, so a key sequence causing selected data to be placed on or retrieved from the clipboard will be recorded, and not the copied or pasted data itself.

Can keylogger detect saved passwords? ›

A keylogger, by itself, cannot read the password database. However, if there is any malware on the machine, the database may very well be compromised by some other means.

What software can detect keyloggers? ›

Like most malware, you can use a good antivirus/anti-malware scanner like Malwarebytes to find and remove keyloggers.

Can a VPN block a keylogger? ›

VPN protection against keyloggers

If you want to be protected against the attack of a keylogger, choose a VPN connection in addition to a good (keylogging) virus software. Then you are assured that your data is secure and at the same time you guarantee online anonymity.

Can you embed a keylogger in a picture? ›

When you see a link such as http://www.example.com/foo.jpeg, you think it's an image, but it doesn't have to be. It all depends on its MIME type, and by loading it you can actually load a script (such as JavaScript), which on a vulnerable or old browser could install a keylogger.

Can a keylogger record on-screen keyboard? ›

It may even prevent some classes of keyloggers from intercepting your keystrokes. Unfortunately since an on-screen keyboard is indistinguishable from a real keyboard to the program into which you are typing, there remain keylogging techniques an on-screen keyboard will not protect you from.

How many keystrokes can a hardware keylogger record? ›

It has a capacity of up to 2,000,000 keystrokes stored with STRONG 128-bit encryption.

Article information

Author: Edmund Hettinger DC

Last Updated: 22/05/2023
