Arrow back

What is a Keylogger? Everything you Need to Know

31 July, 2019

Malware today exists in many forms. It can lock down your computer, download all of your files and even steal your identity. Once your machine has been infected with Keylogger malware, what can criminals actually do with it?

They can use your machine to harvest passwords, send phishing emails, mine cryptocurrencies and much more. Keyloggers are the go-to method for harvesting your credentials.

What is a Keylogger and how does it work?

In its basic form, a Keylogger can either be a physical piece of hardware or software that intercepts signals from your keyboard and records every keystroke you make. Keyloggers intercept the communication between your keyboard and computer, before transmitting that information to a third party.

Software keyloggers (sometimes known as keylogger viruses) are often installed via malware whereas hardware requires physical access to your organization's network.

As Keyloggers pose a large threat, banks have implemented security features such as using drop down boxes to input your password for online banking. To get around this, some advanced keyloggers are able to take screenshots every time you click your mouse. This means that when you input your password using the drop down box, they can take multiple screenshots of your password.

Keyloggers can find their way onto your system in numerous ways, criminals can either physically load them onto your machine, via the use of USB sticks or infected hardware which requires real-world access to your machine or network.

Criminals can use numerous forms of malware injection (malvertising, phishing, and adware etc) to load the Keylogger onto your machine, then sit back while it harvests all of your credentials.

How do Keyloggers spread?

Historically, Keyloggers were physical devices which were inserted between your keyboard and your computer, recording the data which passed between.

Today, however, most Keyloggers are of the software variety, coming in the form of trojans or viruses, which hide on your PC and scooping data to broadcast back. But how do these software Keyloggers spread?

  • Through emails which encourage you to click a link or open an attachment
  • Through webpage script on vulnerable (outdated and depreciated) browsers
  • Through SMS messages on mobiles which includes a link which, when clicked, install the Keylogger

What are Keyloggers on a phone?

A keylogger on a phone operates in exactly the same way as a keylogger on a computer, tracking usage. Some phone keyloggers offer access to things like SMS history, phone logs, contact lists and photographs stored on the device.

How do you know if you’ve been infected with a Keylogger?

There are subtle signs that software may be spying on your every move. Here are a few of the major indicators:

  • A slow PC - Has your computer become much slower since the last time you ran a specific program?
  • Cursor strangeness - Does it sometimes appear like your mouse cursor disappears or text takes a while to load once you have typed it?

A Keylogger will contain a signature which can be easily detected by common antivirus programs. If you suspect that your machine is infected with a Keylogger, run a scan on your computer and your antivirus should be able to detect it and remove the program before damage can be done

How can you protect yourself against a Keylogger?

In a perfect world, you wouldn’t have to enter your password. Instead, credentials would be automatically filled out in a safe, secure environment for quick and easy logins. Luckily, programs like that already exist!

Password managers are becoming increasingly popular because of their ease of use and extremely high-level security protocols. Therefore, with just one click, you can populate the password fields. No keystrokes, no drop down boxes - instant passwords that can’t be tracked or ‘keylogged’.

Most secure sites that hold sensitive information offer the option to have some form of two-factor authentication. For example, Google allows users to authenticate a login by tapping ‘Yes’ on your mobile phone, or by entering a code that’s automatically generated, which is again stored on your personal device.

Therefore, even if cyber criminals do have your password, they can’t get access to your account as your phone is the secondary line of defence and can’t be removed without using two-factor authentication to confirm your login.

This one may seem a little generic, but ensure that all the programs on your computer are up to date. Vulnerabilities which allowed Keyloggers onto your system in the first place may be patched, and may also patch other weak areas you weren’t aware of.

Are Keyloggers legal?

Keyloggers are illegal when used for criminal purposes, like stealing private information. However, they are used legally within businesses to monitor employee computer usage. Never use a keylogger in an unauthorised computer system, as doing so will see you fall foul of the law. If you're the victim of a keylogger, speak to the police.

How common are Keyloggers?

In August, Bleeping Computer reported that Google successfully removed 145 Android apps from the official Play Store, which contained genuine Windows Keyloggers. The Keyloggers within weren’t all from the same strain, instead reportedly came from 3 different sources.

It just goes to show how easy it is to be infected by an official, genuine application source. Even if you take the utmost precaution with vetting websites first, there’s still the possibility that malware could be dropped onto your machine.

Keyloggers are still a huge issue as they’re very easy to create and come with additional functionality which tries to combat current anti-keylogging features and usually attaches to malware that can be picked up from the web.

We offer cyber security training courses that are tailored to teaching you the best ways to keep your passwords safe and secure

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
Crown Commercial Service Supplier
HM Treasury
ISO27001 & ISO9001
Cyber Essentials Plus
Global Cyber Alliance