A keylogger is a kind of monitoring software used to track the keys that a user strikes on the keyboard of a device (computer or mobile). A keylogger is also known as a keystroke logger or system monitor.
As it embeds into the operating system or at even lower levels, its presence is tough to detect, and so a keylogger continues functioning stealthily without any obstruction.
Keylogging software usually stores the captured keystrokes in a small log file. The file is either accessed later or sent over the network to a remote destination so that other people can monitor the user’s activities.
Keyloggers have legitimate users: for example, parents use them to monitor their child’s activities, an organization implements them to track employees’ actions, or the government may use them to analyze certain cases related to computers.
However, cybercrooks use keyloggers for malicious purposes. They can secretly collect vital information like passwords, login credentials, bank account details, etc., and misuse it in fraudulent or criminal activities.
In this article, we will discuss what data keyloggers gather, their types, the way they intrude into a system, methods to detect them, and how to protect the system from them. Let us start.
What information does a keylogger collect?
From the name itself, we understand that keyloggers record every keystroke struck by a user. But some keyloggers can also take screenshots of the window currently opened in the computer.
Keylogging software can either store the collected information in a local hard drive or transmit it over the network to a remote destination or Web Server.
Generally, keyloggers can do the following things:
- Collect passwords entered by the user.
- Take screenshots of the device periodically.
- Log the clipboard, i.e., capture everything that is copied to the clipboard.
- Keep track of URLs visited through a web browser and take screenshots of the web pages as well.
- Keep a record of the applications run by a user.
- Keep logs of instant message (IM) sessions.
- Record copies of sent emails.
- Transfer the records to a remote location automatically (by email, FTP or HTTP).
What are the types of keyloggers available?
Keyloggers are, mainly, of two types – software-based and hardware-based. Let us discuss them.
Software-based keyloggers are computer programs that attempt to monitor your computer’s operating system. They are designed to function on the target computer’s software.
Software-based keyloggers can be categorized into different types, and they differ in the ways of system penetration. Some of them are mentioned below.
Memory injection software
It is typically a trojan virus, and it alters the memory tables of a system to bypass online security.
This kind of software patches the memory tables and aids cybercrooks in circumventing the Windows User Access Control (UAC).
Trojans like Zeus and SpyEye use this technique widely.
Form grabbing based software
This kind of software logs online form submissions. When a user submits a form by clicking a button, form-grabbing based keyloggers track and record all the information filled in by the user.
Kernel-based keyloggers reside at the kernel level, and hence, it is tough to detect them. They are powerful tools which can subvert the OS kernel and obtain illegitimate access to the hardware.
They function as keyboard device drivers and can access any data typed on the keyboard.
Hypervisor-based keyloggers stay in a malware hypervisor, below the OS. They remain untouched and behave as a virtual machine. Blue Pill is a well-known example of this kind.
In JavaScript-based keylogging, a malicious script tag that listens for key events (like onKeyUp()) is introduced into the target web page.
There are several methods to inject a script, like cross-site scripting, man-in-the-browser, man-in-the-middle, etc.
API-based keyloggers behave as if they are an integral part of the application and not malware. They register keystroke events every time a user presses or releases a key.
Hardware-based keyloggers are also of different types. They are:
Wireless keyboard and mouse sniffers
The sniffers gather data packets that are being transferred from a wireless keyboard to its receiver.
The transmission between the devices should be encrypted to secure the wireless communication; the captured packets must then first be decrypted to make them readable.
Keyboard hardware keyloggers record keystrokes with the help of a hardware circuit attached between the keyboard and the computer.
The most significant advantage is that it is independent of any installation on the OS of the target device.
There are USB connector-based hardware keyloggers too. Hardware-based keyloggers keep all the recorded activities in their internal memory. These records can be accessed later.
BIOS-level firmware that deals with keyboard events can keep track of these events while they are being processed. For this, physical and root-level access is required on the device.
Also, the software incorporated in the BIOS must be appropriate for the specific hardware in order to function correctly.
In acoustic keylogging, the typing sound is monitored to figure out the keystrokes typed by a user. Every key makes a slightly different sound (acoustic signature) from the others when pressed.
Statistical methods, which involve the study of the repetitive frequency of similar acoustic keystroke signatures, the time difference between the keystrokes and other context information, help to find the relation between the keystroke signature and its corresponding keyboard character.
This entire method is called acoustic cryptanalysis. However, a long enough recording (1000 or more keystrokes) is required as a sample to analyze the sounds successfully.
Keyboard overlays are commonly used to steal people’s ATM PINs. The hacker’s keyboard is placed over the ATM keyboard. Each key pressed is registered by both keyboards.
The design is so perfect that it is impossible for a customer to detect its presence.
It is possible to capture keystrokes from a computer keyboard by using the commodity accelerometer found in smartphones.
For this, both the computer and the smartphone are to be kept close to each other, on the same desk.
The accelerometer catches the vibrations of the keystrokes, and the obtained accelerometer signal is translated into readable text with nearly 80% accuracy.
How does a keylogger get onto your computer?
Keyloggers invade a system just like other malicious programs. Most of the time, they are associated with malware packages and enter a system without the user’s consent.
Keyloggers are often installed onto the system when you open an infected file received via email, text message, P2P network, instant message, or social network.
They may also intrude into the system when you visit a malicious website.
Mostly, they are a part of a Trojan. They pose as highly essential software, tempting the users to download them, but are dangerous threats in reality.
The keyloggers capture the keystrokes typed by the user on the computer and store them in a file on the device. This file is later transferred over the internet by a different program.
Usually, the file is not sent to the hackers directly because a malware analyst could then trace the criminal.
That’s why the information is encrypted and sent to a public message board from where the hacker downloads it by hiding his original address.
Apart from spreading through malicious programs, keyloggers are sometimes legitimately installed on the devices.
Sometimes, parents use keyloggers for monitoring their child’s activities, or an organization uses it to track employee’s actions.
Even the government sometimes incorporates keyloggers in some systems to investigate and analyze certain cases linked to computers.
How to detect keyloggers on a system?
Detecting a keylogger is hard. Keyloggers skillfully hide, either by installing themselves in hidden directories or by hiding the application from the OS task list.
Indications of the presence of keyloggers on a system are given as follows:
- Your mouse or keyboard strokes pause or do not show up while you click or type.
- You receive error messages while loading graphics or web pages.
- The system performs slowly during web browsing.
You can also check the Task Manager of your computer to detect any unwanted software on your device. You may discover some unusual processes running on the system.
Search them online to figure out if they are keyloggers or not and if yes, then disable them.
Keyloggers need to run continuously on the computer, and therefore they must be started up with the OS. So, you can also search for them under the Startup tab of the Task Manager.
You may also check the internet usage report of your device. Select the ‘Data Usage’ option from ‘Network & Internet’ under ‘Settings’.
Click on ‘View usage details’ to get the list of programs running on the computer using the internet. Perform a web search on any of the names unknown to you and check if they are keyloggers.
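The three manual checks above (running processes, startup entries, and programs using the network) can be combined into one read-only pass. The following PowerShell script is an added example, not part of the original article; it assumes Windows 10/11 with PowerShell 5.1 or later, run from an elevated prompt, and the variable names and the `Get-SigStatus` helper are illustrative.

```powershell
# Added example (not from the original article). Read-only triage for Windows 10/11,
# PowerShell 5.1+; run elevated so process paths and connection owners are visible.

# 1. Programs registered to start with the OS (Run keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 2. Established TCP connections to non-loopback hosts, indexed by owning PID.
$connByPid = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    Group-Object OwningProcess |
    ForEach-Object { $connByPid[[int]$_.Name] = $_.Group }

# Authenticode status per executable, cached so each file is checked once.
# Get-SigStatus is a hypothetical helper defined for this example.
$sigCache = @{}
function Get-SigStatus([string]$Path) {
    if (-not $sigCache.ContainsKey($Path)) {
        $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
        $sigCache[$Path] = if ($sig) { [string]$sig.Status } else { 'Unknown' }
    }
    $sigCache[$Path]
}

# 3. One row per running process: signature, auto-start flag, remote endpoints.
$report = foreach ($p in Get-Process | Where-Object Path) {
    $autoStart = $startup | Where-Object {
        # Heuristic: the startup command line contains this executable's full path.
        ([string]$_.Command).IndexOf($p.Path, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }
    [pscustomobject]@{
        Process   = $p.ProcessName
        Id        = $p.Id
        Path      = $p.Path
        Signature = Get-SigStatus $p.Path
        AutoStart = [bool]$autoStart
        Remotes   = ($connByPid[$p.Id].RemoteAddress | Sort-Object -Unique) -join ', '
    }
}

# Review list: no valid signature AND (starts with the OS OR talks to the network).
$report |
    Where-Object { $_.Signature -ne 'Valid' -and ($_.AutoStart -or $_.Remotes) } |
    Sort-Object Path, Id | Format-Table -AutoSize -Wrap

# Full startup list for manual review, as with the Startup tab.
$startup | Format-Table -AutoSize -Wrap
```

A row in the review list is a candidate to look up, not a verdict. Kernel-level, hypervisor-based, and hardware keyloggers described earlier do not appear as ordinary processes and will not be listed.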
How to protect your computer from a keylogger?
Since detecting keyloggers is difficult, you must always be alert and adopt protective measures beforehand to ensure your safety. There are different ways to protect yourself against keyloggers.
Beware of attachments
Keyloggers typically intrude a system through attachments of an email, text message, social network, chat, etc. Be careful while downloading or clicking such files. Avoid clicking any file from an unknown sender.
Careful use of passwords
Try using one-time passwords. Ensure that the sites you visit offer two-step verification.
You may use a password manager like McAfee SafeKey which will remember your login credentials and automatically provide them when you try to log in.
This prevents keylogging since you do not type in anything.
Alternative keyboard layout
Most of the keylogging software is designed based on QWERTY keyboards. So, you can opt for a different keyboard layout like DVORAK where the captured keys have no meaning unless converted.
Comprehensive security solution
You can implement an all-rounder security solution that will offer protection to all your devices – PC, smartphone, Mac and tablet.
For example, you can use McAfee LiveSafe that provides features like antivirus, firewalls, privacy as well as data protection.
You can also try anti-keylogger software to enhance the protection and security level of your system.
What are some of the popular anti-keylogger software?
Anti-keylogger software is better than anti-malware or anti-spyware utilities for combating keyloggers.
A comprehensive anti-keylogger analyzes all the processes running on a computer, from BIOS to OS to background services and applications.
Sometimes, keyloggers are rootkit viruses. So besides using anti-keylogger software, an anti-rootkit program will also bolster the security of the system.
Some popular software programs to combat keyloggers are discussed below.
SpyShelter is available only for computers running the Windows operating system. It is very well equipped to fight keyloggers.
Once installed, it runs all the time and tries detecting if any keylogging software is invading the system or not. If found, it blocks the latter from attacking the system.
SpyShelter also has scan operations that check the device for any existing keyloggers. If any are detected, it removes them as well.
To offer additional protection, SpyShelter encrypts your keystrokes so that keyloggers cannot understand them.
Zemana is suitable for Windows systems. It is an anti-malware suite which offers protection as anti-keylogger software too.
It provides an encryption enforcer for safe web transmissions, an ad blocker, a malware scanner, and ransomware protection.
Zemana continuously runs in the background, checking and monitoring the activities, and scans the system for any suspicious download.
The Malwarebytes anti-rootkit solution is also available to Windows users only. It is free, and that’s why many people opt for it.
When well-designed anti-keylogging software fails to solve the problem, Malwarebytes anti-rootkit solution comes to the rescue.
It goes down to the OS of your computer and performs a range of scans for keyloggers as well as rootkit viruses. It scans only when requested and does not work continuously.
Kaspersky Security Scan has both free and paid versions. It is available for Windows, Mac, iOS, and Android.
Kaspersky Security Scan is a popular antivirus program that removes rootkits as well as keyloggers. It goes deeper into the system and scans it effectively.
There are several other programs which can help in protecting your system from keyloggers. For example, GMER, aswMBR Rootkit Scanner, Bitdefender Rootkit Remover, Norton Power Eraser, Sophos Rootkit Removal, etc. are wonderful tools for removing keyloggers as well as rootkit viruses.
Keyloggers are monitoring software used for tracking activities of the users. They may be legitimately used by parents for monitoring their child’s activities or by organizations to keep their employees’ activities under surveillance. Keyloggers were initially built with this motive only.
However, hackers have left no stone unturned to use the keyloggers illegally for fulfilling their harmful interests as well as for causing trouble to people by disrupting their privacy.
Keyloggers track the keystrokes when a user types on the device and record them in a file. Later, the data is transferred to a remote destination from where the hacker accesses it.
Generally, they intrude a system as infected attachments through email, chat, text, social network, etc. Once installed, it is challenging to detect keyloggers.
To protect yourself against keyloggers, develop healthy online habits. Avoid clicking attachments from unknown sources, stop visiting unknown websites, avoid downloading free software, install comprehensive security solutions and try using keyboard layouts other than QWERTY.
Also, you can download reputed anti-keylogging software like SpyShelter, Zemana, etc. to bolster your device’s security and ensure your privacy.