Keyloggers - What is a keystroke logger?

Keyloggers secretly record what you see, say and do on your computer. Employers use keyloggers to watch employees, but cybercriminals use them too.

What is a keylogger?

Did you know that your keyboard could let cybercriminals eavesdrop on you? Or that they could watch you on your system camera? Or listen over your smartphone’s microphone? Welcome to the world of keyloggers, a particularly insidious type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device.

Although for our purposes, keyloggers operate in the context of malware, they are not always illegal to install and use. Keyloggers are a common tool for corporations, which information technology departments use to troubleshoot technical problems on their systems and networks—or to keep an eye on employees surreptitiously. The same goes for, say, parents, who want to monitor their children’s activities. Suspicious spouses are another market for keyloggers.

In all such cases, if the organization or person downloading and installing the keylogger actually owns the device, then it’s perfectly legal. And there are thousands of commercially available keyloggers on the Internet, which advertise themselves for just such a use.

However, the concern about keyloggers is when malicious actors are behind them. And they definitely do not own the device they infect. You don’t know they’ve breached your computer; and depending on what kind of keylogger it is, it can steal any passwords you’ve entered, periodically take screen shots, record the web pages you view, grab on to your sent emails and any instant messaging sessions, as well as sensitive financial information (such as credit card numbers, PIN codes, and bank accounts), and then send all that data over the network to a remote computer or web server. There, the person operating the logging program can retrieve it all, no doubt sending it to third parties for criminal purposes.

Keyloggers come in at least two broad flavors—hardware devices and the more familiar software variety. Hardware devices can be embedded in the internal PC hardware itself, or be an inconspicuous plugin that’s secretly inserted into the keyboard port between the CPU box and the keyboard cable so that it intercepts all the signals as you type. But that means that the cybercriminal has to have physical access to the PC while you’re not present in order to plant the hardware keyloggers.

Software keyloggers are much easier to introduce to and install on victims’ devices, which is why that variety is much more common. Unlike other kinds of malware, software keyloggers are not a threat to the systems they infect themselves. In fact, the whole point of keyloggers is to work behind the scenes, sniffing out the keystrokes while the computer continues to operate normally. But even if they don’t harm the hardware, keyloggers are definitely a threat to users, especially when they steal data pertinent to any number of online payment systems.

How can I tell if I have a keylogger infection?

Keyloggers invade PCs (and Macs, and Androids, and iPhones) in the same way that other malware does. They install when you click on a file attachment that you’ve been duped into opening—most commonly because you fell for a social engineering scheme or a cleverly designed phishing expedition. The attachments can come to you by email, through a text message, an instant message, on social networks, or even through a visit to an otherwise legitimate but infected website, which exploits a vulnerability in it and drops a drive-by malware download. Also, keyloggers rarely arrive solo. The same Trojan that delivers the keylogger can slip other malware on your system—such as adware, spyware, ransomware, or even a legacy virus.

“Keyloggers install when you click on a file attachment that you’ve been duped into opening—most commonly because you fell for a social engineering scheme or a cleverly designed phishing expedition.”

Hardware keylogger infections occur if someone gains access to your unlocked device, which can fuel any number of scenarios. Say a crook somehow installs a keylogger plug into the keyboard USB port of a bank loan officer’s PC. That gives the keylogger operator all kinds of exploitable data in the course of the loan officer’s normal duties. Corporate accounting department computers are another rich target. Or what if you decide to use a public computer to do some shopping? The last person using that Internet café PC could be the next one to use your confidential data.

Keylogger news

What is the history of keyloggers?

The history of the use of keyloggers for surveillance purposes dates to the early days of computers. Wikipedia details sundry uses of keyloggers in the 1970s and early 1980s for various purposes, including government clandestine operations.

One of the most famous early incidents took place in the mid-1970s, when Soviet spies developed an amazingly clever hardware keylogger that targeted IBM Selectric typewriters in the US Embassy and Consulate buildings in Moscow and St Petersburg. Once installed, the keyloggers measured the barely detectable changes in each typewriter’s regional magnetic field as the print head rotated and moved to type each letter. (Meanwhile, Soviet embassies opted to use manual typewriters rather than electric ones for typing classified information.)

While various forms of keylogging have been occurring for quite some time, the boom in the creation and use of commercial keyloggers grew to significant numbers in the mid to late 1990s with a all kinds of products quickly coming to market during that time. Since then, the number of commercial keyloggers available for purchase has exploded to thousands of different products with varying target audiences and in many languages.

And although historically keyloggers have targeted the home user for fraud, industry and modern state-sponsored keylogging is a serious problem, in which a phishing expedition compromises a low-level employee or functionary, and then finds a way to work itself up in the organization.

Do mobile devices get keyloggers?

First the good news. There are no known hardware keyloggers for mobile phones. But both Androids and iPhones are still vulnerable to software keyloggers. There are claims out there that, because the mobile device’s screen is used as a virtual keyboard for input, keylogging is not possible. But you have only to search for smartphone keyloggers to see how many are available for download. Be assured that such keyloggers can capture what screens are pressed, so they see and record what virtual buttons the user touches.

What’s more, once the keylogger infects the smartphone, it monitors more than just keyboard activity. Screen shots (of emails, texts, login pages, etc.), the phone’s camera, the microphone, connected printers, and network traffic are all fair game for the keylogger. It can even block your ability to go to particular websites—such as a software security site like ours.

As for infection methods, anyone who has temporary sneaky access to the phone without the user’s knowledge can load a keylogger. And just like it is with PC and Mac laptops, tablets, and computers, smartphone users can infect themselves if they fall prey to phishing expeditions, or unwisely click on an attachment of uncertain provenance.

How can I detect and remove keyloggers?

Are there telltale signs that your device is hosting a keylogger? The answer is, it depends.

The well-designed commercial grade of keylogger usually works flawlessly, so it does not affect system performance at all. If the keylogger is sending reports to a remote operator, it disguises itself as normal files or traffic. Some of the programs will even display a notice on the screen that the system is being monitored—such as in a corporate computing environment. Others can reinstall themselves if users somehow succeed in finding them and attempt to remove them.

Keyloggers of poorer quality (such as the malware variety) might reveal themselves in a number of ways. The software might subtly degrade smartphone screenshots to a noticeable degree. On all devices, there could be a slowdown in web browsing performance. Or there’s a distinct lag in your mouse movement or keystrokes, or what you are actually typing doesn’t show up onscreen. You might even get an error message when loading graphics or web pages. All in all, something just seems “off.”

Of course, the best way to protect yourself and your equipment from falling victim to keyloggers is to scan your system regularly with a quality cybersecurity program. For instance, Malwarebytes is fully equipped to sniff out keyloggers. It uses heuristics, signature recognition, and identification of typical keylogger behavior associated with keystroke and screenshot capturing to first find the malware, and then remove it. You can try Malwarebytes free if you're concerned you may have a malware infection, keylogger or otherwise. 

“Of course, the best way to protect yourself and your equipment from falling victim to keyloggers is to scan your system regularly with a quality cybersecurity program.”

How can I protect myself from keyloggers?

Avoid keyloggers by avoiding the user mistakes that lead to their ability to infect phones and computers. It starts with keeping your operating system, your applications, and web browsers up to date with the latest security patches. Always be skeptical about any attachments you receive, especially unexpected ones even if they seem to come from someone you know. When in doubt, contact the sender to ask. Keep your passwords long and complex, and avoid using the same one for different services.

Real-time, always-on anti-malware protection is the gold standard for preventing not only infection from a keylogger, but also from all other associated malware threats. For all platforms and devices, from Windows and Android, Mac and iPhones, to business environments, Malwarebytes is a first-line defense against the relentless onslaught of cybercriminal attacks.

Select your language