In simple terms, a keylogger (KL) is a tool designed to capture all keystrokes of a computer, either through a software program or through a hardware device. This keyboard recording activity is also referred to as keylogging or keystroke logging.
Although keyloggers are not illegal, their use is often related to malicious operations.
The Positive Uses of a Keylogger
Despite being used for illicit activity, keyloggers do have a few positive use cases. If used for good, it can help parents monitor the computing activities of their children or used by employers to determine how their employees are making use of their computers during work periods. It is worth mentioning, though, that this should be done with the employees’ consent. A keylogger may also be used to protect (record) passwords and other data in case of an operating system crash (but there are certainly better ways to do that). In addition, keystroke logging has been recently adopted by scientists and established as a research tool on the investigation of human writing processes.
The Negative Uses of a Keylogger
As the name suggests, the purpose of a keylogger is to log each and every keystroke from the target computer, which is not necessarily a bad thing. Unfortunately, however, the most common use of keyloggers is related to malicious activity. KL programs are being widely used by cybercriminals as a way to steal sensitive information from the victims, such as credit card numbers, passwords, personal emails, banking credentials, driver’s license numbers, and so forth.
Types of Keyloggers
As mentioned earlier, there are two main types of keylogging devices. There are the software version and the hardware version. When it comes to software vs hardware keyloggers it is important to understand the differences between these two types. Although the most common is the software version, one should comprehend how the hardware KL function as well.
Hardware Keylogger:
- Usually consists of a small chip or wire that is physically attached to a computer or laptop.
- Most hardware KL can be easily removed.
- Gleans information that can be reviewed with a coordinating computer program even after the chip or wire has been removed.
- Usually is the preferred type of keylogger for companies who desire to look after their employees.
- Unlike software keyloggers, firmware versions of hardware KL can be attached to the machine’s BIOS and record data from as soon as a computer is turned on.
- Wireless KL sniffers are able to intercept the communication between wireless keyboards and the computer.
Software Keylogger
Unfortunately, a software keylogger is much harder to detect. There are many different categories with varying methods and techniques, but in general, we may consider the following:
- It usually consists of a software program that has been secretly installed on your computer by a hacker. Can be either downloaded directly on the host computer (e.g. via phishing attacks) or it can be downloaded remotely.
- The most common software keyloggers record only the activity of the computer’s keyboard, but there are modified versions able to perform screenshots and clipboard logging as well.
- Less common types of software KL include the ones based on Javascript (injected into websites), APIs (running inside an application), and web forms (record any data submitted to web forms).
Preventing a Hardware Keylogger
It is highly unlikely that you will ever be hit by a hardware keylogger, especially in the privacy of your own home. However, it is a possibility in a public environment. Since a hardware keylogger will usually utilize a USB port to function, your main defense would be to utilize spot checks on the USB area of the computer being used.
Preventing a Software Keylogger
- Software keyloggers are harder to detect, but installing a good antivirus will likely keep you safe.
- Installing anti-keylogger software is also an option since these are specifically designed to detect, remove, and prevent keylogger attacks.
- Be cautious with email attachments and links. Avoid clicking on ads and websites of an unknown source.
- Keep your software applications and operating system up to date
- Any user that makes use of internet banking or any other online activity that involves money should be particularly wary (cryptocurrency adepts and traders included).
How To Detect and Remove a Keylogger
The easiest way to detect a software keylogger is to check what is running from the system processes. If there is something there that looks odd, you should search online and try to find out if it is from a legitimate program or a known keylogger. Moreover, also examining your outgoing traffic from your computer is a good idea as well.
Getting rid of a software keylogger is not easy but it can be done. You should first try to install an anti-keylogger program on your system and check if it can be removed. If your computer is still acting odd and you suspect that the anti-keylogger program was not able to solve the problem, you should probably format and reinstall your operating system completely.