What is Keylogging?
Keeper's Guide to Keystroke Logging.
Learn to understand, detect and remove keylogging software
Cybercriminals have hundreds of tools available that allow them to steal credentials, hack firewalls and cybersecurity systems and perform other cyber crimes. Perhaps the most disturbing of these tools is the keylogger, which is a kind of malware that you don’t want on your machine. Keyloggers are dangerous programs that expose all of your most private credentials in real-time to a cybercriminal—leaving bank logins, social media accounts and others exposed.
But what is a keylogger? Why do cybercriminals use them? What are they capable of? How can you tell if you have one, and how do you protect yourself from them? This is your comprehensive guide to keyloggers, covering everything from detection to protection and beyond. Let’s look closer at one of the web’s most potent cyber threats.
What is a keylogger?
Keyloggers are malicious programs or malware that are downloaded onto a device via an entry point. Entry points can be infected software, emails, files or cloud programs. The keylogger gets installed on the victim’s device, where it logs every keystroke to figure out login credentials and other sensitive information.
Why keyloggers are a threat
Keyloggers can be incredibly accurate, which makes them especially dangerous. Many keyloggers go undetected for long periods of time, recording activity on the keyboard and giving the cybercriminal a more intimate look into the victim’s online accounts.
Keyloggers are so dangerous because they’re difficult to detect and very effective at what they do. If you’re reusing passwords, a keylogger will quickly pick up on that, exposing the login credentials to multiple accounts.
A simple keylogger can store information from a single login or multiple sites and accounts, depending on the software. The bottom line? Keyloggers are dangerous, effective, and often hard to detect—which makes them a serious threat to businesses, individuals, and governments.
How do keyloggers work?
So, how does a keylogger work, anyway? A keylogger requires an entry point to the device where it will record keystrokes. There are plenty of ways to get a keylogger onto a device, whether via hardware or software. Hardware almost always requires a person to install it, so it’s more likely that a hardware keylogger was brought in by an insider.
Most keyloggers, however, are delivered via software. Software downloaded from the web or untrusted sources makes for an easy entry point for all kinds of malware. Many keyloggers have rootkit capabilities, which means they’re far more difficult to detect and remove.
A quick history of keyloggers
Interestingly enough, keyloggers date back to long before the first home computers. During the Cold War, the Soviet Union was “interested” in what was being said across the country. They were spying on citizens to drive the propaganda machine and crush opposing viewpoints. In the 1970s, IBM was producing sophisticated electric typewriters, which were some of the best data entry tools to date.
The Soviet Union decided it wanted to track all of the information typists put into those typewriters, and thus, the first keylogger was born. Whatever was typed on the IBM typewriters was recorded and relayed to Moscow. Yikes!
Today’s keyloggers are far more sophisticated and harder to detect. Riding on lightning-fast internet connections and malware that is downloaded directly to devices, keyloggers are super effective and versatile.
How do keyloggers get installed?
Here are some common methods for installing a keylogger on a device.
The story of the Trojan war lives on in our folktales not only for the bravery of the heroes but also the cunning of the Greek soldiers. Using a wooden horse as a staged gift, the Greeks tricked the Trojans into allowing them through the gates via the horse, hiding soldiers inside. Once through the walls, the Greeks took the city and the war was won.
That clever but malicious act lives on today via its namesake, the Trojan Horse Virus. This virus is especially tricky and effective because it uses legitimate software to install itself on a device. Users download “legitimate” software, and once they run the executable installer, the Trojan virus is also installed.
Keyloggers are often installed this way, and to great effect. Some Trojans are undetectable with conventional cybersecurity and antivirus software, and can remain embedded in a system for months or even years before they’re found.
An infected system is usually infected via hardware connections. For example, an employee or insider installs the keylogger virus via a hard drive, portable drive or some other hardware. Infected systems are especially difficult to handle because it can take multiple scans and high-level antivirus software to remove the virus.
Phishing emails are some of the most common and effective methods of delivering malware to a device because they’re so versatile. Using social engineering, phishers can convince victims to click malicious links or download malicious software via fear and manipulation.
You’ve likely received a phishing email at some point. It may have been an offer that seemed too good to be true, or a threat from a “legitimate” agency about money owed or action to be taken against you if you don’t act. These emails have a huge success rate, making them a favorite delivery vehicle for keylogger viruses.
A webpage script is the code that makes the website function. Sometimes, cybercriminals use web scripts to deliver viruses to people who visit the site. The script is coded to automatically download software or browser extensions when a connection is made. This method is typically paired with phishing emails or smishing (SMS phishing) to entice victims to follow malicious links.
How do cybercriminals use keyloggers?
Cybercriminals use keyloggers to steal credentials, bank login information, social media login information and personal information. From there, they can steal identities, money, or smear a person’s online reputation.
Keyloggers are also used by law enforcement to track down cybercriminals and gain access to restricted accounts. In 2000-2002, the FBI used keyloggers to hack into Nicodemo Scarfo Jr’s computer, obtaining evidence to convict the son of the famous mob boss and several associates.
In 2018, the website builder WordPress suffered a keylogging attack on at least 2,000 WordPress sites. The keylogger was installed via a crypto logging script, or in-browser crypto miner. The keylogger allowed cybercriminals to gather credentials from thousands of websites and compromise information.
Keyloggers in the corporate workplace
Keyloggers serve legitimate purposes, too. They’re often used in corporate environments, like IT or security firms, to track user data for real-time inputs and viable information for future investigations. For example, if malicious software was installed, the IT team can use the keylogger to see what the employee was typing when they installed the software.
According to ObserveIT, keyloggers are also used to allow administrators to monitor keyword inputs on company computers. This can help the company enforce cybersecurity and web use policies and monitor for suspicious activity.
How to tell if you have a keylogger infection
Detecting a keylogger infection is the first step to removing it, but not all keyloggers are easy to detect with basic antivirus software. The signs of a keylogger aren’t always immediately obvious, but a good place to start is monitoring your computer’s behavior.
If you notice slower performance, strange software or connection delays, or excessive drive use, it’s time to check for viruses. Perform a full virus scan with your antivirus software to see if it finds anything malicious.
You can also check your computer’s processes via the command prompt to find suspicious activity. Access the task manager on Windows with Ctrl+Alt+Delete and look closer at your running threads. Are there any programs that don’t belong? If so, you can run the program’s file path through your antivirus or delete it completely from your computer. Keylogger malware will almost always require an antivirus program to delete permanently. If all else fails, you can seek professional help.
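The process check described above can be scripted. The following PowerShell is an added example, not part of the original guide: it lists each running program's file path, publisher signature and SHA-256 hash, and shows only binaries that are not validly signed or that run from user-writable folders. The folder list is an assumption and should be adjusted for your environment.

```powershell
# Added example (not from the original guide): triage running processes.
# Assumption: these user-writable folders count as unusual launch locations.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC,
                  (Join-Path $env:USERPROFILE 'Downloads')) | Where-Object { $_ }

$report = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |             # skip entries that expose no path
    Sort-Object -Property ExecutablePath -Unique |   # one row per binary, not per instance
    ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

        # Does the binary live under a folder any standard user can write to?
        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inUserDir = $true
            }
        }

        $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
        $signer = if ($sig -and $sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else { '(none)' }
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name         = $_.Name
            ProcessId    = $_.ProcessId
            Path         = $path
            SigStatus    = $status       # Valid, NotSigned, HashMismatch, ...
            Signer       = $signer
            UserWritable = $inUserDir
            SHA256       = $hash.Hash    # for lookup in your antivirus console
        }
    }

# Show only the binaries that deserve a closer look.
$report |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.UserWritable } |
    Sort-Object -Property UserWritable, SigStatus -Descending |
    Format-List Name, ProcessId, SigStatus, Signer, UserWritable, Path, SHA256
```

Entries in the output are leads for an antivirus scan, not verdicts, since plenty of legitimate software runs from a user profile. A keylogger with the rootkit capabilities mentioned earlier may not appear in a process listing at all.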
Do mobile devices get keyloggers?
While there aren’t currently any hardware keyloggers for Android or iOS devices, there are still software keyloggers to watch out for.
3 best practices for detecting and removing keyloggers
Always check your software
Verify the software publisher, verify certified reviews of the software and run any downloads through your antivirus software. Most illegitimate software is automatically deleted by antivirus programs if they detect an uncommon third-party signature.
Don’t fall for phishing scams
Phishing scams are some of the most effective ways to infect a system with keylogger malware. Don’t open emails from people you don’t know or don’t expect mail from, never download strange attachments and always notify any organizations that are “threatening” over email or text.
Keep your antivirus updated
Staying up to date with the latest virus definitions allows your device to stay protected against the most up-to-date threats. Be sure to update your antivirus software frequently.
How can I protect myself from keyloggers?
Keylogger attacks are common, effective, and dangerous. Protecting yourself and your business from these attacks is important in a world where cyber crimes cause billions in damages every year. Remember to update your virus software, watch for phishing scams, and monitor your device for strange activity. Antivirus software should be used at least once per week or every day, if possible.