Keyloggers are built for the act of keystroke logging — creating records of everything you type on a computer or mobile keyboard. These are used to quietly monitor your computer activity while you use your devices as normal. Keyloggers are used for legitimate purposes like feedback for software development but can be misused by criminals to steal your data.
The concept of a keylogger breaks down into two definitions:
You’ll find use of keyloggers in everything from Microsoft products to your own employer’s computers and servers. In some cases, your spouse may have put a keylogger on your phone or laptop to confirm their suspicions of infidelity. Worse cases have shown criminals to implant legitimate websites, apps, and even USB drives with keylogger malware.
Whether for malicious intent or for legitimate uses, you should be aware how keyloggers are affecting you. First, we’ll further define keystroke logging before diving into how keyloggers work. Then you’ll be able to better understand how to secure yourself from unwanted eyes.
Keystroke logging is an act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user. A “keystroke” is just any interaction you make with a button on your keyboard.
Keystrokes are how you “speak” to your computers. Each keystroke transmits a signal that tells your computer programs what you want them to do.
These commands may include:
When logged, all this information is like listening to a private conversation. You believe you’re only “talking” with your device, but another person listened and wrote down everything you said. With our increasingly digital lives, we share a lot of highly sensitive information on our devices.
User behaviors and private data can easily be assembled from logged keystrokes. Everything from online banking access to social security numbers is entered into computers. Social media, email, websites visited, and even text messages sent can all be highly revealing.
Now that we’ve established a keystroke logging definition, we can explain how this is tracked through keyloggers.
Keylogger tools can either be hardware or software meant to automate the process of keystroke logging. These tools record the data sent by every keystroke into a text file to be retrieved at a later time. Some tools can record everything on your copy-cut-paste clipboard, calls, GPS data, and even microphone or camera footage.
Keyloggers are a surveillance tool with legitimate uses for personal or professional IT monitoring. Some of these uses enter an ethically questionable grey area. However, other keylogger uses are explicitly criminal.
Regardless of the use, keyloggers are often used without the user’s fully aware consent and keyloggers are used under the assumption that users should behave as normal.
Keylogger tools are mostly constructed for the same purpose. But they’ve got important distinctions in terms of the methods they use and their form factor.
Here are the two forms of keyloggers
Software keyloggers are computer programs that install onto your device’s hard drive. Common keylogger software types may include:
API-based keyloggers directly eavesdrop between the signals sent from each keypress to the program you’re typing into. Application programming interfaces (APIs) allow software developers and hardware manufacturers to speak the same “language” and integrate with each other. API keyloggers quietly intercept keyboard APIs, logging each keystroke in a system file.
“Form grabbing”-based keyloggers eavesdrop all text entered into website forms once you send it to the server. Data is recorded locally before it is transmitted online to the web server.
Kernel-based keyloggers work their way into the system’s core for admin-level permissions. These loggers can bypass and get unrestricted access to everything entered in your system.
Hardware keyloggers are physical components built-in or connected to your device. Some hardware methods may be able to track keystrokes without even being connected to your device. For brevity, we’ll include the keyloggers you are most likely to fend against:
Keyboard hardware keyloggers can be placed in line with your keyboard’s connection cable or built into the keyboard itself. This is the most direct form of interception of your typing signals.
Hidden camera keyloggers may be placed in public spaces like libraries to visually track keystrokes.
USB disk-loaded keyloggers can be a physical Trojan horse that delivers the keystroke logger malware once connected to your device.
To explain the uses of keyloggers, you’ll have to consider: what is keylogger activity legally limited to?
Four factors outline if keylogger use is legally acceptable, morally questionable, or criminal:
Legal keylogger use requires the person or organization implementing it to:
Consent is notably absent from this list. Keylogger users don’t have to obtain consent unless laws the area of use require them to. Obviously, this is ethically questionable for uses where people are not made aware that they are being watched.
In consensual cases, you may allow keystroke logging under clear language within terms of service or a contract. This includes any time you click “accept” to use public Wi-Fi or when you sign an employer’s contract.
Here are some common legitimate uses for keyloggers:
You might find legal keyloggers are in your daily life more than you realized. Fortunately, the power to control your data is often in your hands if the monitoring party has asked for access. Outside of employment, you can simply decline permission to the keyloggers if you so choose.
Non-consensual legal keyloggeruse is more questionable. While it violates trust and privacy of those being watched, this type of use likely operates in the bounds of the laws in your area.
In other words, a keylogger user can monitor computer products they own or made. They can even monitor their children’s devices legally. But they cannot surveil devices outside of their ownership. This leaves a bit of a grey area that can cause problems for all involved.
Without consent, people and organizations can use keyloggers for:
Even consent that has been buried under legal jargon within a contract or terms of service can be questionable. However, this does not explicitly cross the line of legality either.
Illegal keylogger use completely disregards consent, laws, and product ownership in favor of nefarious uses. Cybersecurity experts usually refer to this use case when discussing keyloggers.
When used for criminal purposes, keyloggers serve as malicious spyware meant to your capture sensitive information. Keyloggers record data like passwords or financial information, which is then sent to third-parties for criminal exploitation.
Criminal intent can apply in cases where keyloggers are used to:
Once the line has been crossed into criminal territory, keyloggers are regarded as malware. Security products account for the entire user case spectrum, so they may not label discovered keyloggers as immediate threats. Similarly to adware, the intent can be completely ambiguous.
Threats of keyloggers can come from many issues around the collection of sensitive data.
When you are unaware that everything you type onto your computer keyboard is being recorded, you may inadvertently expose your:
Sensitive information like this is highly valuable to third-parties, including advertisers and criminals. Once collected and stored, this data then becomes an easy target for theft.
Data breaches can expose saved keystroke logs, even in legitimate use cases. This data can easily be leaked inadvertently via an unsecured or unsupervised device or through a phishing attack. More common leaks can occur by a direct criminal attack with malware or other means. Organizations collecting mass keylogging data can be prime targets for a breach.
Criminal use of keyloggers can collect and exploit your information just as easily. Once they’ve infected you with malware via drive by download or other means, time is of the essence. They can access your accounts before you even know that your sensitive data has been compromised.
At this point, you’re probably wondering, “how do you know if you have a keylogger?” Especially since fighting keyloggers is a challenge in itself. If you end up with unwanted keystroke logging software or hardware, you might not have an easy time discovering it on your device.
Keyloggers can be hard to detectwithout software assistance. Malware and various potentially unwanted applications (PUAs) can consume a lot of your system’s resources. Power use, data traffic, and processor usage can skyrocket, leading you to suspect an infection. Keyloggers don’t always cause noticeable computer problems, like slow processes or glitches.
Software keyloggers can be hard to detect and remove even by some antivirus programs. Spyware is good at hiding itself. It often appears as normal files or traffic and can also potentially reinstall itself. Keylogger malware may reside in the computer operating system, at the keyboard API level, in memory or deep at the kernel level itself.
Hardware keyloggers will likely be impossible to detect without physical inspection. It is very likely that your security software won’t even be able to discover a hardware keylogging tool. However, if your device manufacturer has a built-in hardware keylogger, you may need an entirely new device just to get rid of it.
Fortunately, there are ways that make it possible to protect your computer from keyloggers.
Knowing how to detect a keylogger is only the first step towards safety. Proactive protection is critical to keeping your devices keylogger-free:
No matter how you approach anti-keylogger protection, the best defense is to install a good anti-spyware product that protects against keylogging malware. Using a complete Internet security solution with strong features to defeat keylogging is a reliable route towards safety.
Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.